At 06:33 PM 10/28/1997 -0800, Paul Hoffman / IMC wrote:
At 05:54 PM 10/28/97 -0800, Jon Callas wrote:
Please note that arguing for IDEA being a MUST algorithm could lead to the
standard getting bogged down.
I think a better term would be "shot down". The IETF has voiced a strong
preference for unencumbered algorithms when available, and IDEA is
encumbered and has other choices, as you mention.
I agree. And it's not just a US-centric problem, unlike RSA;
the IDEA patent applies in much of Europe.
(1) MUST Triple-DES (because it's been more studied than CAST5).
Yeah, it wins. Dog-slow, but everybody's comfortable with it.
What about the 2-Key 3DES vs. 3-Key 3DES problem?
(There's also the minor annoyance that 3-Key 3DES needs
168 bits of key, and SHA-1 only gives you 160,
and if the standard was going to insist on something that
required 168 real bits I'd recommend changing it...)
(2) Only one MUST algorithm for simplicity.
If so, I'd say CAST5 rates at least a SHOULD; we need something
fast and unencumbered.
(3) SHOULD IDEA for compatibility with earlier PGPs (no need to do CAST5
since there is little implementation history).
I'
I lean toward SHOULD CAST5,
(4) Absolutely everything else is a MAY. Under no circumstances should we
list any MAYs. Implementors should be free to use whatever they want in
addition to the MUSTs and SHOULDs. We should add algorithm IDs for
everything that we know might be in use (such as Blowfish and CAST5), but
not use any words that limit the algorithms to that list.
Or if we do list MAYs, it's only to give them IDs,
not to limit the list.
Thanks!
Bill
Bill Stewart, stewarts(_at_)ix(_dot_)netcom(_dot_)com
Regular Key PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639