On 3/9/03 2:13 PM, "Jeroen C. van Gelderen" <jeroen(_at_)vangelderen(_dot_)org>
wrote:
As it stands, OpenPGP implementors are urged[*] to support this
outdated and non-royalty-free message format. Yet nobody should be
urged to perpetuate patent encumbered software if there is a gratis
(GnuPG) and fully functional (more secure even) alternative.
In spite of the fact that I support deprecating all PGP 2 features,
including IDEA, I think that "SHOULD" means "urge" is a bit strong.
My informal interpretation of SHOULD is that if you just picked up the
standard and are implementing from it, do the SHOULDs unless you know why.
If you run into something like a patent issue, then you know why it's a
SHOULD (as opposed to a MUST or MAY).
A further bit of cleverness on a developer's part is to note that if
something is a SHOULD, there's probably a controversy around it -- some
reason it's not a MUST, and some reason it's not a MAY. It's either
something people would like to get rid of but can't, or some sizable
minority is enthusiastic about, and couldn't get enough support to make it a
requirement.
Now beyond this, I agree with the vast majority of what Jeroen has said. In
PGP, we have effectively deprecated V3 keys since 2001. V3 keys are called
"Legacy RSA keys" and you have to do "Expert" key generation to get one.
There are also warnings that pop up when you create one.
Jon