[Top] [All Lists]

Re: IDEA licensing vs RSA licensing (Re: What do we have to do today?)

1997-11-02 06:02:56

 on 11/01/97 
   at 02:20 PM, Paul Hoffman / IMC <phoffman(_at_)imc(_dot_)org> said:

  Anyway, I agree with the people who are arguing for MUST for 3DES,
  DSA, Elgamal; and SHOULD for RSA, IDEA, MD5, and MAY for the rest.
This is my plan. I'm still open toward making CAST5 a SHOULD (in fact, that
is my personal preference), but I hear more reasons for MAY than SHOULD.

A very basic reason: SHOULD is only for things that are strongly desired
by all implementations. If we have a strong algorithm for a MUST and
another strong algorithm for a SHOULD, I see no point to tossing another
SHOULD in. Many developers try to implement all SHOULD-level specs, and
this would cause needless software bloat with little definable benefit.

And, again, I would strongly lobby against any MAY list. A list of IDs
for all known algorithms identifiers is enough.

Well FWIW I don't have a problem with only having one MUST and one SHOULD
but if we are going that route there should be some documentation on what
algorithms PGP 2.6.x & PGP 5.x are using and what the default operations
are so implementors can insure that they have compatability with the
current software available. My understanding is that CAST5 is the default
algorithm in 5.x, if it is not a MUST or SHOULD there still should be some
mention that it is the default in PGP and those wishing to be able to
communicate with 5.x users will need to implement it. Simmilar
documentation should be provide in regards to 2.6.x and the RSA/IDEA/MD5

- -- 
- ---------------------------------------------------------------
William H. Geiger III
Geiger Consulting    Cooking With Warp 4.0

Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 2.6.3a at:                 
- ---------------------------------------------------------------

Version: 2.6.3a
Charset: cp850
Comment: Registered_User_E-Secure_v1.1b1_ES000000