-> Elliptic Curve: I've added identifiers for EC-encryption and ECDSA. Is
-> this enough ?
(I really ned to get off VAXMail & bein using a modern quoting reader
like Eudora...)
To me the answer is simple - make the algoritm list open-ended and
extensible via plug-ins. Should not be very hard. Guess I am talking more
about implimentation than standard though needs to be there as well. We
need to remove the ITAR blinders and think of what a standard should
be.
That way a basic product would include only the MUSTs. MAYs would be
"optional extras at slight additional cost".
May be heretical but since Dave demonstrated the "Enclyptor" at the CSI
show a few years ago have been convinced that the future is in the network
and user interfaces, not the algorithms. Buying public could care less
so long as it is Good Enough (C). Can see a future where the user buys/
downloads the main program from PGP and then goes to the Security Dynamics
(RSA) web page for the RSA plugin.
Guess what I am trying to say is that if you want to create a real standard,
1) do not design capability *out*.
2) provide maximum flexibility
3) do not worry about what the extensions will be other than the ICD, just
provide for them
Above all, do not waste time on optional modules while creating the standard
"time is of the essence".
Warmly,
Padgett