In message <3ED91C35(_dot_)6070807(_at_)attbi(_dot_)com>, John Wilkinson writes:
Ian Grigg wrote:
I think it's pretty clear that both AES versions
should stay in OpenPGP. Until the market reaches
some sort of consensus that an algorithm is dead,
discussions on the relative strengths argument would
appear not to be directly relevant to OpenPGP's
standardisation efforts?
Agreed. As long as the MUST have cipher is 3DES, we have no problems.
When and if (hopefully never) OpenPGP chooses to deprecate 3DES in favor
of some other cipher, be prepared for a battle...
AD hat on... I would be unhappy if AES -- pick your key size -- were a
SHOULD instead of a MUST.
--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com (2nd edition of "Firewalls" book)