ietf-openpgp

Re: Algorithms and specifiers

1998-03-21 12:27:43

William Geiger <whgiii(_at_)invweb(_dot_)net> writes:
Bill Stewart <bill(_dot_)stewart(_at_)pobox(_dot_)com> writes:
If you don't trust RSA, and always want to send out your messages using
ElGamal public keys, why should you be prevented from doing so?   Don't
let the mere fact that the recipient doesn't have an ElGamal key bother
you :-)

You seem to be missing the point here. Why should the recipient mandate
how I encrypt my messages? It is *my* message! These are *preferences*, not
mandates.

If I understand correctly the algorithm preferences serve two
functions at the same time:

 1) they designate capabilities (a statement of what algorithms this
    client is capable of handling)

 2) they indicate the key owner's preferences amongst those
    algorithms his client supports

So by capabilities it means that if my client specifies no
capabilities this implies 3DES capability.  (It has to as 3DES is a
must algorithm, and we need one MUST algorithm).  If my client
specifies CAST5, followed by 3DES, it means that I can decrypt both
CAST5 and 3DES but the order indicates that I prefer CAST5, if the
sender has this capability.

As an aside I think it would be probably sensible to never list 3DES
as a capability explicitly as it is by definition there as a MUST.
What does the current spec imply on this?

The owner of a key may choose not to put any algorithm *preferences*
in his key; should all communications to this user then be forced to
use 3DES despite the fact he is capable of decrypting other
algorithms?

If he is capable of decrypting other algorithms, then he should
indicate this with the capability mechanism.

This really seems like an artificial restriction in the spec that is not
needed.

They are needed because otherwise people can not talk to each other.

If I read your comments correctly you are objecting that it is the
sender's choice as to what algorithm he uses.  Well, it is by
definition, *but* if the person you are sending to has stated, using
the mechanism for stating capabilities, that he *can not* cope with say
CAST5, sending him messages encrypted with CAST5 is bad.  So bad in
fact that we should call implementations which do this non-conforming.

Your other point seems to be that perhaps it is a privacy leak to have
to leak which ciphers you prefer?  In that this would for instance
narrow down the implementation you were using.

I think this is getting towards PGP stealth functionality, and that we
could discuss this as a separate debate.

Adam
-- 
Now officially an EAR violation...
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/

print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`
