On Mon, 7 Jul 2003, Jon Callas wrote:
I'm not the person asking for them, so I may be inadequately explaining
this. Nonetheless, here goes.
The argument of "no new algorithms unless one is broken" makes more sense
for things like ciphers than it does for compression. Compression in OpenPGP
doesn't have the same sort of security implications that a cipher does, and
so one doesn't need to be as conservative about it.
Putting multiple options for anything into a protocol does practical
implications in the context of an anonymity system, however. (I'm not
saying this should prevent adding a new compression algorithm if it serves
a purpose -- it's just something to keep in mind.)
Yes, I know that there are potential interoperability issues when keys get
migrated around, but I also of the opinion that when an implementation
imports a key, it should make sure that the preferences reflect what it
supports.
Amen. Can that be explicitly stated in the next draft?
(And does PGP do this yet?)
--Len.