What is the status of HAVAL's algorithm number.
Also, I didn't write this up in detail before, but somewhere, probably
near the top or in the algorithm section it should say (feel free to
edit):
"MAY implement" algorithms are only for experimental or internal use.
Implementations MUST NOT send keys to any public keyserver that uses
algorithms other than those listed below. Implementations SHOULD NOT
create keys or messages that use algorithms other than those listed below
in any normal or common useage. Implementations SHOULD make it very
difficult to generate PGP packets using "MAY" or experimental algorithms.
This limits the available algorithms: hashes to MD5, SHA1, and RIPEMD160;
symmetric algorithms to IDEA, 3DES, and CAST5; encryption algorithms to
RSA and DH (ElGamal); and signature algorithms to RSA and DSA. Further,
DSA signatures should be limited to using SHA1. MD5, IDEA, and RSA should
only be used to interoperate with earlier implementations of PGP.
This is sort of implied by the definition of MAY, SHOULD, etc. but I think
it would be a good idea to reinforce it by stating this clearly and
explicitly. Although I am for leaving the algorithm list alone at this
late stage, I do think it would be best to strongly state that the extra
stuff is experimental and not intended for use in any commercial product.
--- reply to tzeruch - at - ceddec - dot - com ---