If compatibility with pgp2.6, etc, is a MUST, then RSA is a MUST. Is
this acceptable? Have we already made a decision on RSA, or has the
IETF already pronounced (via the S/MIME group) a leaning on this?
The TLS group has decided that there is only one MUST algorithm,
DSA/DH/3DES, despite the fact that nearly 100% of the installed base
of SSL currently uses RSA/RC4. This decision was supported by the
users, the small vendors, the large vendors, and the IESG. This was
not even controversial - the large controversy was whether there should
be even one MUST algorithm suite. Several minds were changed on that
issue, and most now agree that there should be.