-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Sat, May 31, 2003 at 03:25:41PM -0700, Jon Callas wrote:
On 5/31/03 8:33 AM, "Ian Grigg" <iang(_at_)systemics(_dot_)com> wrote:
I think it's pretty clear that both AES versions
should stay in OpenPGP. Until the market reaches
some sort of consensus that an algorithm is dead,
discussions on the relative strengths argument would
appear not to be directly relevant to OpenPGP's
standardisation efforts?
Just to note, OpenPGP has 3 key sizes for AES. I'd be happy to drop the 192
one for simplicity's sake.
Please do not do this. This can cause interoperability problems since
AES192 is already widely deployed and widely included in cipher
preference lists.
PGP 7 and 8 create keys with cipher preferences including "AES256,
AES192, AES128" in that order. If AES192 is dropped, then the owner
of such a key will not be able to communicate with an implementation
that predates 2440bis and doesn't support AES256.
A somewhat contrived example, to be sure. Still, I was and continue
to be in favor of trimming the hash and cipher algorithms, but it
seems bad form to remove a cipher that is already included in
countless cipher preference lists.
David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3-cvs (GNU/Linux)
Comment: http://www.jabberwocky.com/david/keys.asc
iD8DBQE+2TYD4mZch0nhy8kRAmoaAJ4p0eh0ZPkEdjqsuSqzpRFqQqAE8wCfUSDH
hHMomeDoCTFIVhR3eKX/au8=
=3vuV
-----END PGP SIGNATURE-----