-----BEGIN PGP SIGNED MESSAGE-----
I must admit that I am troubled by making RSA/IDEA/MD5 a MUST when 2/3s
of those algorithms present patent and license issues.
In fact, it occurs to me that we have the issues back to front. Perhaps
we should decide what the MUST/SHOULD/MAYs are for the public key
algorithms first. If we decide something about RSA, be it one or other
of the choices, then as a tougher nut to crack, wouldn't it then have a
fairly serious bearing on IDEA?
For example, there is no point in IDEA being a MUST if RSA is a SHOULD.
And if RSA is a MUST, I would have thought that whatever the state of
IDEA, it would not indeed be the biggest of issues facing us.
If compatibility with pgp2.6, etc, is a MUST, then RSA is a MUST. Is
this acceptable? Have we already made a decision on RSA, or has the
IETF already pronounced (via the S/MIME group) a leaning on this?
- --
iang systemics.com
FP: 1189 4417 F202 5DBD 5DF3 4FCD 3685 FDDE on pgp.com
-----BEGIN PGP SIGNATURE-----
Version: Cryptix 2.21
iQCVAgUANFjzcZUdDk1bRs+FAQH11QQAg8urAgmLitR20utV/l9Qrj+KLW0is5v5
aIlJxKlGjATTlxcwcG6Xwi0m1qywp8bDu5nvuwNZtYFNt8Kf0uvDUrhFKCroYgjs
7y3gWdXuhVk2oAWpTBXcb0X6ti4vEMqV+oE/eX2z4hdbKungZMlvo/3JpBtfzu2o
82u9vCo0050=
=1aFQ
-----END PGP SIGNATURE-----