-----BEGIN PGP SIGNED MESSAGE-----
In <199806011846(_dot_)TAA04546(_at_)server(_dot_)eternity(_dot_)org>, on
06/01/98
at 07:46 PM, Adam Back <aba(_at_)dcs(_dot_)ex(_dot_)ac(_dot_)uk> said:
I would have thought this should be a MUST rather than a MAY, and that
ability to deal with V3 keys should be the MAY.
This would allow one to implement OpenPGP without having to as an
implication of a MUST clause include a patented algorithm (IDEA, and
RSA), because your option is simply to not be backwards compatible, which
is precisely the implication of the limited backwards
compatibility due to patent problems implication, and no more.
BUT, if you choose to implement RSA and IDEA, then you MUST treat V3 keys
as implicit statement that IDEA is the only cipher supported.
I have to disagree, take the following example:
I have 2 users of my OpenPGP implementation who have upgraded from PGP x.x
and have migrated their V2/V3 RSA keys. Why should they be forced to use
IDEA/MD5 if they both chose not to?
I have to bring up my objections again about making preferences a *MUST*.
It should be up to the users of the product what algorithms they wish to
use (It is their communications after all). I don't have a problem with
saying that the default actions of the program should follow the
preferences but if the users are sophisticated enough to choose different
encryption/hash algorithms who am I to prevent them?
I have coresponded with with other PGP 5.x users using all different
combinations of symetric/hash algorithm with both EL & RSA keys depending
on what mood takes me at the time.
There is also the issue of what happens if the user upgrades/changes his
OpenPGP implementation or works with several different implementations
that have a variety of different capabilities? Either he has to generate a
new key for each program he is using or he needs to set his preferences to
the default 3DES/SHA1 (and that is only good if he knows before-hand that
he will be changing application sometime in the future).
Oh well, I'll get off my soapbox now. :)
Thanks,
- --
- ---------------------------------------------------------------
William H. Geiger III http://users.invweb.net/~whgiii
Geiger Consulting Cooking With Warp 4.0
Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 5.0 at: http://users.invweb.net/~whgiii/pgp.html
- ---------------------------------------------------------------
Tag-O-Matic: Dogs crawl under gates, software crawls under Windows!
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a-sha1
Charset: cp850
Comment: Registered_User_E-Secure_v1.1b1_ES000000
iQCVAwUBNXMktI9Co1n+aLhhAQFS1AQAgL9OoHiCN7rkf+Lsr6O9YZj3xNAreeJ6
3kw2aUk21AxA8FEN6bX/7lWg5qyvQWdkXZgPzzG+ySKomHgSM0bFfs41BrAt0hZH
Z+m3uQLXebo9pQFKXA6Pp3tdns3QaV90x01HwO2YNuYqaK6tlJTgOwx4L3ForSNT
/1haOoWHD/8=
=z6QW
-----END PGP SIGNATURE-----
Tag-O-Matic: Why look thru Windows? Open the door to the future: OS/2