ietf-openpgp
[Top] [All Lists]

Re: Further deprecating PGP2

2003-03-10 14:03:22


On Monday, Mar 10, 2003, at 15:16 US/Eastern, David Shaw wrote:
Killing of the sending of IDEA-encrypted messages also addresses my
concern: I will be able to decrypt any OpenPGP message sent to me
without being legally required to pay IDEA licensing fees. And Derek
can keep reading his existing mail.

I'm not sure if I understand this comment.  Can you clarify?  A
message encrypted by an OpenPGP program to an OpenPGP key "MUST NOT
use a symmetric algorithm that is not in the recipient's preference
list." (section 12.1) If you don't have a preference for IDEA, then
anyone sending you an OpenPGP message that uses IDEA is already
non-compliant.

I guess I'm happy then :)

Is a PGP2 key with IDEA listed as its single preferred algorithm considered an OpenPGP key? (I hope not, otherwise I still can't send all OpenPGP messages without a license.)

You could be sent a PGP 2.x message that uses IDEA, but PGP 2.x isn't
subject to the OpenPGP spec.

Definitely.

That said, I do support removing the SHOULD from IDEA (and the current
draft has already done this).

Yes, that is lovely.

  I also support deprecating the PGP 2.x
features in OpenPGP in general.  Any program that wants to implement
PGP 2.x functionality can still do that without affecting their
OpenPGP compliance.

Except if IDEA is marked as MUST NOT, right? So I should retract that particular proposal.

Cheers,
-J