Uri Blumenthal wrote:
I raise the question of whether it is wise to allow backward compatibility
to force us to implement algorithms we wouldn't otherwise.
To which I posited some time in the past:
We only theoretically have the option to not require it. The number of
people using anything other than 2.6 or thereabouts is minute compared
to the installed base of "classic" PGP. Any clues on how many copies of
5.* have been sold?
To which Gene Hoffman kindly provided some numbers:
Some quick rough numbers. On the MIT keyservers there are now about 95,000
new public keys since 5/20. Of them 85% are DSS/DH(El Gamal) keys. Before
that I beleive that there were ~20K RSA keys...
Now, the number bandied about in documents I have seen indicates that 4
million users of 2.6 and similar exist. In 6 months of time, PGP Inc
appear to have sold 80k worth of keys. These are good numbers, I
congratulate them, but at 2% of the user base, they have a long way to
go.
I know that this group is concentrating on new users, because they are
the only ones who pay for software. However, I am not sure what
rational there is for a standard that does not take the installed base
as its target audience. After all, what is standardisation if it is not
taking existing work and hard-won lessons from existing product?
Lutz Donnerhacke says:........................
...
MD5 is must, because it is the default and backward compatible.
IDEA is must, because it is the default and backward compatible.
It *was* the default. Do we have to keep the outdated defaults?
I do not see any basis for declaring that default is "outdated" although
my own misgivings on the whole RSA/IDEA/MD5 thing - see my previous
post - are slowly clarifying, and it took writing this post to get
there. Ta muchly :-)
--
iang systemics.com
FP: 1189 4417 F202 5DBD 5DF3 4FCD 3685 FDDE on pgp.com