Anyway, I agree with the people who are arguing for MUST for 3DES,
DSA, Elgamal; and SHOULD for RSA, IDEA, MD5, and MAY for the rest.
This is my plan. I'm still open toward making CAST5 a SHOULD (in fact, that
is my personal preference), but I hear more reasons for MAY than SHOULD.
A very basic reason: SHOULD is only for things that are strongly desired by
all implementations. If we have a strong algorithm for a MUST and another
strong algorithm for a SHOULD, I see no point to tossing another SHOULD in.
Many developers try to implement all SHOULD-level specs, and this would
cause needless software bloat with little definable benefit.
And, again, I would strongly lobby against any MAY list. A list of IDs for
all known algorithms identifiers is enough.
--Paul Hoffman, Director
--Internet Mail Consortium