Adam Back says:
Also, since this is an IETF forum, let me remind you that the
official IETF security guideline is: "For all the new standards
MD5 shall not be used - but SHA-1".

MD5 is in the draft as a MAY. You want to change that to a MUST NOT?

Oh, certainly not. I was simply pointing out that "MUST" for the
new drafts should exclude MD5. "MAY" - is a different story, and
I personally see no reason why backward compatibility cannot be
offered as an option. With the understanding that an implementor
does not HAVE to be backward compatible - it's just nice of him,
if he is.

I don't think the situation with MD5 is serious enough currently to
warrant the loss of backwards compatibility as an implementation

IESG does not require this either, to the best of my knowledge.
Actually, even SHA-1 MUST and MD5 SHOULD would wash well, I think.

Where we came in to this discussion was that by having backwards
compatibility more people migrate to new algorithms more quickly.

Granted - except I think we differ on where the crucial backwards
compatibility is. For me [apologies for repeating myself :-] the
"schwerpunkt" is the external interface - the ability or inability
to use the existing software by just editing config files and
dropping a new PGP executable in.

... but I absolutely hate
the fact that I can no longer use Mailcrypt-3.4 from XEmacs.

Well I use mailcrypt also, so I can share on that one. However I keep
getting emails from people with pgp5.x which are addressed to my RSA
key, and yet which pgp2.x simply can't read. I think this must either
be the bug Hal described, or people are signing the message with a DSS
key which I thought pgp5.x was supposed to warn against when the
recipient is using an RSA key.

Don't know... Maybe Hal could comment?

Yes and no. Of course transparency will help. HOWEVER, many of PGP
users have either no time, or no skills (or "no" both) to modify
the software that interfaces between their favorite whatever
and PGP. For me it is Mailcrypt/XEmacs. Until *that* part
is taken care of - don't expect people to switch.

I think mailcrypt users are small in number. We should ask Pat
LoPresti if he wants to hack in pgp5.x support.

(:-) Well, I tend to doubt that all the other e-mailers have no
problem with the new PGP interface, and only big bad Mailcrypt
does... But if you can ask Pat - by all means, please do so.