On Tuesday, Mar 11, 2003, at 12:24 US/Eastern, Derek Atkins wrote:
"An OpenPGP MAY support decryption of IDEA-encrypted messages but MUST
NOT generate them."
I wouldn't say MUST NOT generate; I think it's a bit too strong.
Generally, MUST NOT is used when using something would be detrimental
(e.g. it would be a security problem, or cause immeasurable interop
problems). For example, one MUST NOT use "rot13" encryption. I don't
see why supporting/using IDEA falls into this category. Therefore, I
would say "SHOULD NOT encrypt using IDEA". Is there some technical
reason why IDEA "MUST NOT" be used?
You are right of course.
Killing of the sending of IDEA-encrypted messages also addresses my
concern: I will be able to decrypt any OpenPGP message sent to me
without being legally required to pay IDEA licensing fees. And Derek
can keep reading his existing mail.
I think MAY decrypt and SHOULD NOT encrypt gets you the same thing,
without making PGP.Com's implementation non-compliant for wanting to
support older algorithms.
Yes.
Basically I want a tool that will walk through my email messages and
every time it finds a PGP block inside the message it replaces that
PGP block with a new PGP block which is a re-encrypted version. In
other
words, it looks for files that look like:
blah blah blah
----- BEGIN PGP MESSAGE -----
[radix64 snipped]
----- END PGP MESSAGE ----
blah blah blah
And replaces it with:
blah blah blah
----- BEGIN PGP MESSAGE -----
[re-encrypted message in radix64 snipped]
----- END PGP MESSAGE -----
blah blah blah
I'll give you extra points if the timestamp on the message is not
changed.
;)
How are the messages stored?
-J