It is a matter of principle. If the recipient can't read it, sending it
has no value, so there should be a common algorithm available. If the
recipient doesn't trust anything but 3DES, why should you annoy him by
sending him messages he can't read?
...
You seem to be missing the point here.
I'm not missing your point, I'm just disagreeing with it :-)
Why should the recipiant mandate how I encrypt my messages?
It is *my* message! These are *preferences* not mandates.
The owner of a key may chose not to put any algorithm
*preferences* in his key should all communications to this user then be
forced to use 3DES dispite the fact he is capable of decrypting other
algorithms??
If your objective is to communicate with the recipient,
you need to send it in a form the recipient can understand.
If the recipient doesn't understand CAST5, it doesn't matter
how enthusiatic you are about CAST5 being the One True Algorithm,
because he won't be able to decrypt it.
The algorithm preferences serve a dual function -
- indicating which algorithms the recipient understands, and
- indicating which algorithms the recipient would prefer to use.
Ignoring the recipient's preferred order is fine;
ignoring the list of acceptable algorithms is not.
If the recipient gives you a list of preferences listing
BASS-O-MATIC, 3DES, ROT-13, RC4-40, FEAL-8, CAST5
then he's told you he can read CAST5, even though he'd rather
use anything else he supports, but there's no indication that
he can read IDEA, which is a strong implication that he can't.
Thanks!
Bill
Bill Stewart, bill(_dot_)stewart(_at_)pobox(_dot_)com
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639