With regard to a number of questions:
Paul Hoffman said more forcefully what I meant about IDEA being a MUST
algorithm. It's also my understanding that if any encumbered algorithm is a
MUST, the spec will be spiked. My comment was supposed to be dry humor,
akin to saying that if you light a match in a powder room, you may
experience superficial burns.
When I said CAST, I meant CAST5, a.k.a. CAST-128. CAST5 is the default
algorithm with PGP5, which is the reason I proposed it as a SHOULD, rather
than a MAY.
Getting a stronger version of DSA requires our getting a hash algorithm
that is longer than 160 bits. Once we have a better hash algorithm, we can
make a longer signature scheme.
I'd also like to note that the principle of "no weak crypto" is in the
charter, so I'm not including any weak algorithms, period.
I will be sure to note that a list of MAY algorithms does not exclude
algorithms not on the list, but since the algorithms have numeric constants
associated with them, there has to be something akin to a registry for
them. We might as well include a few desirable ones now, as it's the
perfect time.
Jon
-----
Jon Callas jon(_at_)pgp(_dot_)com
Chief Scientist 555 Twin Dolphin Drive
Pretty Good Privacy, Inc. Suite 570
(415) 596-1960 Redwood Shores, CA 94065
Fingerprints: D1EC 3C51 FCB1 67F8 4345 4A04 7DF9 C2E6 F129 27A9 (DSS)
665B 797F 37D1 C240 53AC 6D87 3A60 4628 (RSA)