ietf-openpgp
Re: What do we have to do today?

1997-10-30 15:06:56
On 30 Oct 1997 iang(_at_)systemics(_dot_)com wrote:

> To which Gene Hoffman kindly provided some numbers:
>
>> Some quick rough numbers. On the MIT keyservers there are now about 95,000
>> new public keys since 5/20. Of them 85% are DSS/DH(El Gamal) keys. Before
>> that I believe that there were ~20K RSA keys...
>
> Now, the number bandied about in documents I have seen indicates that 4
> million users of 2.6 and similar exist.  In 6 months of time, PGP Inc
> appear to have sold 80k worth of keys.  These are good numbers, I
> congratulate them, but at 2% of the user base, they have a long way to
> go.


I think that comparing what is in use today (90K DSA/ElGamal keys versus
20K RSA keys) with how many total copies of an old piece of software
were distributed is a logical flaw. I grant that I am making an
assumption, but it would seem that the majority of keys in use would be
on the public keyring. Of these it's clear that there is most likely a
majority of users with DSS/EG keys.

Ignoring that and moving to a couple of more important points, I believe
that the charter had or has a goal of creating a standard to which
implementors anywhere can implement without concern for intellectual
property rights. DSA, SHA-1, ElGamal, 3DES, and CAST5 are all
un-encumbered algorithms. DSS/ElGamal with either 3DES or CAST should be
the standard MUSTs. If you as an applications developer wish to support
the "legacy" mode of PGP and can get the licenses to do so, please feel
free to implement a SHOULD of RSA/MD5/IDEA as well as
DSS/EG/(???3DES/CAST5????).

In this way Joe Schmoe in New Mexico and Fred Doe in Thailand can create a
conforming and useful application with "Applied Cryptography" and a C
compiler. Requiring RSA or IDEA means that both of them at least have to
go to Ascom Tech. Joe has got to get a license from Security Dynamics....
More crypto will get deployed if ANYONE can build it and sell it. Also, it
seems like "the interoperability problem"  decreases linearly with time.
Once this proposal is done, I would hope that people like Ian will be
making available OpenPGP compliant software and toolkits that implement
both RSA/MD5/IDEA and DSS/EG/?3DES-CAST5? I certainly hope that no one is
expecting people to use DOS (well, other than BillG(_at_)microsoft(_dot_)com)
for the next 10 years...

On the symmetric front, I'd like to suggest that all software MUST Decrypt
CAST5 and 3DES, but only MUST encrypt 3DES. In this way, those application
developers/ end users who wish to use CAST5 as their default can be
assured that someone out there can read what they generate. If they find a
key from an application that does not "prefer" CAST5, then they will know
how to encrypt 3DES so as to conform to spec... 

Gene Hoffman
PGP, Inc.
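
The symmetric-cipher rule proposed in the message above (every implementation decrypts CAST5 and 3DES, every implementation can encrypt 3DES), sketched as an added example that is not part of the original post or of any PGP implementation. The function names and the per-key "preferred cipher" field are assumptions made for illustration.

```python
# Added illustration; all names here are hypothetical.
TRIPLE_DES = "3DES"
CAST5 = "CAST5"

MUST_DECRYPT = frozenset({TRIPLE_DES, CAST5})  # required of every receiver
MUST_ENCRYPT = TRIPLE_DES                      # required of every sender


def choose_cipher(sender_can_encrypt, sender_default, recipient_prefs):
    """Pick one session cipher for a message to one or more recipients.

    recipient_prefs holds one entry per recipient key: the cipher that
    key's application "prefers", or None when no preference is stated.
    """
    if MUST_ENCRYPT not in sender_can_encrypt:
        raise ValueError("non-conforming sender: cannot encrypt 3DES")
    # Use the sender's default only when the sender implements it and
    # every recipient key prefers it; otherwise use the mandatory cipher.
    if (sender_default in sender_can_encrypt
            and recipient_prefs
            and all(p == sender_default for p in recipient_prefs)):
        return sender_default
    return MUST_ENCRYPT


def readable_by_all(cipher, receivers_can_decrypt):
    """True when every receiver's decrypt set contains the chosen cipher."""
    return all(cipher in caps for caps in receivers_can_decrypt)


def demo():
    """Constructed cases: a CAST5-default sender and a 3DES-only sender."""
    both = {TRIPLE_DES, CAST5}
    return [
        choose_cipher(both, CAST5, [CAST5, CAST5]),       # all prefer CAST5
        choose_cipher(both, CAST5, [CAST5, TRIPLE_DES]),  # one prefers 3DES
        choose_cipher(both, CAST5, [None]),               # no preference
        choose_cipher({TRIPLE_DES}, CAST5, [CAST5]),      # minimal sender
    ]


if __name__ == "__main__":
    print(demo())
```

Because every conforming receiver holds both ciphers in its decrypt set, any value `choose_cipher` returns is readable by all of them; the fallback to 3DES only honours the recipient's stated preference.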