Hello Padgett,
1)
The word phrase "MAY use other algorithms", refers to those who want to include
ANY cryptographic algorithm. If you want to implement "OPEN-PGP" with RSA, or
some ECC asymmetric algorithm that has intellectual property rights issues, you
SHOULD be able to do so. We simply would not make it a REQUIREMENT.
2)
I just answered a similar question wrt "Limited" to the list.
3)
"Government and legislative policies SHOULD not..." Take the inverse of this
statement; IF the US Gov. says you MUST use a minimum of 128 key lengths...then
our charter would get confusing. I think the intent is well understood, forcing
a 40 key as a MUST is not a 'technically appropriate thing'
Your last statement is right on the money ! Peace
>That is that all possible configurations need to be allowed
>while subsets are created for special circumstances such as France.
Cheers,
CB
At 01:08 PM 8/22/97 -0400, you wrote:
Looks pretty good but would like some clarification:
The OPEN-PGP Specification will have provisions for;
1. interoperability using cryptographic algorithms (asymmetric/symmetric
including key lengths) that are consider strong, open and unencumbered,
and other algorithms MAY be used
This is not very good English - the word "may" removes any meaning/force.
2. limited backwards compatibility with the existing pgp message
What is meant by "limited" - read/verify signature only ? "Standard" should
not be concerned with licening unless the intent is only to allow Public
Domain algoritms in which case shouldn't that be in (1) ?
3. Government and legislative policies from any country SHOULD not impact the
specification
Word "SHOULD" makes it a null statement - has same effect as "MAY"
Rest is pretty much no-braners.
Personal feelings are that the top level standard needs to be as open as
possible while allowing for subsets. That is that all possible configurations
need to be allowed while subsets are created for special circumstances
such as France.
"What the large print giveth, the small print taketh away..."
Warmly,
Padgett