So here are the questions:
(1) Which algorithm is the MUST algorithm?
Is there any speed relationships that matter ? Strength being equal, speed of
calculation should be the next discriminator (assume you mean CAST-128).
(2) Should there be more than one MUST algorithm, and if so, which ones?
Please note that arguing for IDEA being a MUST algorithm could lead to the
standard getting bogged down.
Suspect that there might be a way to induce the vendors to allow free
use of decryption and require license for encryption. Problem is that many have
archives.
(3) Should any remaining algorithms from the original suite be SHOULD or MAY?
I guess it depends on what the purpose is (and might be optional extras).
If the optional module cost was under $5 that should not be a problem
(particularly if the module could be reused with upgrades).
This is an interesting thought: since I purchased the Viacrypt product, I would
assume that would mean I have a license for RSA and IDEA. Does that original
license follow through to the later versions ?
(4) What other algorithm(s) do you want to see as MAY algorithms?
AES (if it ever comes out)
(1) Triple-DES (because it's less controversial than CAST5).
Agree, think it would be interesting if PGP should qualify under FIPS 140-1
(2) No, only one MUST algorithm.
Not sure if even that is necessary but since D-H and 3-DES are free, would
start there
(3) I'd like to see both CAST5 and IDEA as SHOULD algorithms.
(4) I have no preferences, but ones mentioned to me are Blowfish and SAFER128.
What are really talking about here is interoperability with other products.
Somewhat heretical I know but would like to be able to purchase a single
product that could exchange with PGP freeware, Entrust, Secret Agent, and
even Microsoft EXCHANGE "Advanced Security" (if the last ever meets my minimum
requirements for strength).
(actually would be even happier if Micro$oft ever gives up on its attempts
to provide "secure" nitch products & leaves that to people who know what they
are
doing.)
We have plenty of examples (TI 99/4, Sony Beta, PS/2) to show that proprietary
formats *even if superior* do not succeed.
Warmly,
Padgett