On Fri, 17 Aug 2001 15:03:56 -0700, Jon Callas said:
I'm a little uncomfortable over proper wording here; if they're so bad,
should they be there at all? I thought the present 12.5 wording was stern
Well, we had so many discussions and I guess that there are still some
folks who have concerns about DSA so that they use ElGamal
signatures. Of course, it is there good right to do this. OTOH this
often triggers long discussions whether there is a bug in PGP or GnuPG
when one can't check the signature.
Removing that optional algorithm is neither good because we willfor
sure start a long discussion again ;-)
Details on safe use of Elgamal signatures may be found in [MENEZES], which
discusses all the weaknesses described above. Please note that Elgamal
signatures are controversial; because of the care that must be taken with
Elgamal keys, many implementations forego them.
How's that?
That's really nice.
Thanks,
Werner
--
Werner Koch Omnis enim res, quae dando non deficit, dum habetur
g10 Code GmbH et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions -- Augustinus