At 09:14 AM 3/21/98 -0500, William H. Geiger III wrote:
Another example may be that user x has SuperPGP(tm) at home and
WimpyPGP(tm) at work. User x has only one key. What preferences should be
on his key?
Why should he only have one key?
But if he does, it should be the 3DES supported by WimpyPGP,
so he can read it at both places.
My biggest objection is a matter of principle. It's *my* message.
If I do not trust the "security" of 3DES and wish to send all
my messages out using CAST5 why should I be prevented in doing so?
It is a matter of principle. If the recipient can't read it,
sending it has no value, so there should be a common algorithm available.
If the recipient doesn't trust anything but 3DES, why should you
annoy him by sending him messages he can't read?
If you don't trust RSA, and always want send out your messages using
ElGamal public keys, why should you be prevented from doing so?
Don't let the mere fact that the recipient doesn't have an ElGamal
key bother you :-)
If you're paranoid enough that you insist that your messages be
encrypted with CAST5, do that, add a note saying it's encrypted
with CAST5, and encrypt that with the 3DES the recipient wants.
Thanks!
Bill
Bill Stewart, bill(_dot_)stewart(_at_)pobox(_dot_)com
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639