ietf-openpgp

Using IDEA in v3-v4 algorithm conflict

2003-09-15 21:18:14

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Section 12.1 of the draft says:

   An implementation that is striving for backward compatibility MAY
   consider a V3 key with a V3 self-signature to be an implicit
   preference for IDEA, and no ability to do TripleDES. This is
   technically non-compliant, but an implementation MAY violate the
   above rule in this case only and use IDEA to encrypt the message,
   provided that the message creator is warned. Ideally, though, the
   implementation would follow the rule by actually generating two
   messages, because it is possible that the OpenPGP user's
   implementation does not have IDEA, and thus could not read the
   message. Consequently, an implementation MAY, but SHOULD NOT use
   IDEA in an algorithm conflict with a V3 key.

This is a problem since the method given (even though it is a SHOULD
NOT) doesn't work terribly well in practice as PGP 2.x breaks when it
sees *anything* it doesn't understand in a message.  For example, the
most common OpenPGP encryption (sub)key type is Elgamal.  Trying to be
backwards compatible by using IDEA in an algorithm conflict between a
V3 key and an Elgamal subkey is pointless since PGP 2.x won't be able
to handle the message anyway due to the use of Elgamal.

Some experimentation shows that using IDEA when having a V3<=>V4
algorithm conflict only works if the V4 (sub)key is:

a) RSA
and
b) <=2112 bits

(and everything else in the message is carefully chosen to be at the
RFC-1991 level).

The above is true for MIT PGP 2.6.2 and PGP 2.6.3ia.  I don't know
about Disastry's "2.6.3ia-multi05", or any other programs that might
implement RFC-1991.

I know 2440bis isn't intended as an implementation guide, so details
like this are perhaps inappropriate.  Still, the wording in the draft
can lead a developer down a bad path.  It is not unreasonable for that
developer to assume that something specified in an RFC is going to
work.

There are countless ways to fix this (specify RSA and <=2112 bits
somewhere, add another implementation note, etc) but it might be
simpler to just drop the paragraph altogether.

David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.3-cvs (GNU/Linux)
Comment: Key available at http://www.jabberwocky.com/david/keys.asc

iHEEARECADEFAj9mjv0qGGh0dHA6Ly93d3cuamFiYmVyd29ja3kuY29tL2Rhdmlk
L2tleXMuYXNjAAoJEOJmXIdJ4cvJGsEAniZGnMgsCnIqvyFnZj+8J1lJR1jlAKC6
cSKUoKGJaaoZfjKTrIs0VvMQtA==
=WvGl
-----END PGP SIGNATURE-----
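The selection rule quoted from section 12.1, together with the RSA/2112-bit limit the message reports from experimentation, as an added Python example. This is not code from the post, the draft, or any OpenPGP implementation: the key model, the constructed sample keys (alice, bob, carol, dave), and the function names are assumptions made here, and the rule that TripleDES is implicitly on every V4 preference list is taken from RFC 2440's algorithm-preference text rather than from the message itself.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Symmetric algorithm names used by this example (not OpenPGP algorithm IDs).
IDEA, TRIPLEDES, CAST5, AES128 = "IDEA", "TripleDES", "CAST5", "AES128"


@dataclass
class RecipientKey:
    """Minimal model of an encryption (sub)key as seen by a message creator (assumed here)."""
    name: str
    version: int                 # 3 (RFC 1991 style) or 4 (OpenPGP)
    algorithm: str               # "RSA", "Elgamal", "DSA", ...
    bits: int
    sym_prefs: List[str] = field(default_factory=list)  # V4 self-signature preferences

    def implied_prefs(self) -> List[str]:
        # Draft 12.1: a V3 key with a V3 self-signature is treated as an implicit
        # preference for IDEA with no ability to do TripleDES.  V4 keys carry
        # explicit preferences; TripleDES is implicitly on every V4 list (RFC 2440).
        if self.version == 3:
            return [IDEA]
        prefs = list(self.sym_prefs)
        if TRIPLEDES not in prefs:
            prefs.append(TRIPLEDES)
        return prefs


def common_algorithm(keys: List[RecipientKey]) -> Optional[str]:
    """First algorithm (in the first recipient's order) acceptable to every recipient,
    or None when the preference lists do not intersect (the 'algorithm conflict')."""
    if not keys:
        return None
    candidates = keys[0].implied_prefs()
    for key in keys[1:]:
        accepted = set(key.implied_prefs())
        candidates = [a for a in candidates if a in accepted]
    return candidates[0] if candidates else None


def pgp2_can_read(key: RecipientKey, rfc1991_only: bool) -> bool:
    """The limit reported in the message: the IDEA fallback only helps PGP 2.6.x when
    the V4 (sub)key is RSA of at most 2112 bits and everything else in the message
    stays at the RFC 1991 level (any other construct, e.g. Elgamal, breaks PGP 2.x)."""
    if key.version == 3:
        return rfc1991_only
    return key.algorithm == "RSA" and key.bits <= 2112 and rfc1991_only


@dataclass
class Plan:
    # Each entry is (symmetric algorithm, recipient names) for one message to produce.
    messages: List[Tuple[str, List[str]]]
    warnings: List[str]


def plan_encryption(keys: List[RecipientKey], rfc1991_only: bool = True,
                    allow_idea_fallback: bool = False) -> Plan:
    """Apply the draft's rule: use a common algorithm if one exists; otherwise either
    take the IDEA fallback (MAY, with a warning, and only where PGP 2.x could actually
    read the result) or generate one message per key generation (the SHOULD path)."""
    algo = common_algorithm(keys)
    if algo is not None:
        return Plan([(algo, [k.name for k in keys])], [])

    # With TripleDES implicit on every V4 list, a conflict always involves a V3 key.
    v3 = [k for k in keys if k.version == 3]
    v4 = [k for k in keys if k.version == 4]

    if allow_idea_fallback and all(pgp2_can_read(k, rfc1991_only) for k in keys):
        return Plan([(IDEA, [k.name for k in keys])],
                    ["IDEA used for a V3/V4 algorithm conflict (non-compliant); "
                     "a V4 recipient whose implementation lacks IDEA cannot read it"])

    messages: List[Tuple[str, List[str]]] = []
    if v3:
        messages.append((IDEA, [k.name for k in v3]))
    if v4:
        messages.append((common_algorithm(v4), [k.name for k in v4]))
    warnings: List[str] = []
    if allow_idea_fallback:
        warnings.append("IDEA fallback refused: a V4 (sub)key is not RSA of <=2112 bits "
                        "or the message is not at the RFC 1991 level, so PGP 2.x could not read it")
    return Plan(messages, warnings)


# Constructed sample keys (not real keys or real preference lists).
ALICE = RecipientKey("alice", 3, "RSA", 1024)                  # PGP 2.x style V3 key
BOB = RecipientKey("bob", 4, "Elgamal", 2048, [CAST5, AES128])  # common OpenPGP subkey
CAROL = RecipientKey("carol", 4, "RSA", 2048, [CAST5])          # V4 RSA within 2112 bits
DAVE = RecipientKey("dave", 4, "RSA", 4096, [AES128])           # V4 RSA beyond 2112 bits

if __name__ == "__main__":
    for recipients in ([ALICE, BOB], [ALICE, CAROL], [ALICE, DAVE], [CAROL, DAVE]):
        plan = plan_encryption(recipients, allow_idea_fallback=True)
        print([k.name for k in recipients], "->", plan.messages, plan.warnings)
```

The Elgamal case (alice plus bob) is the one the message singles out: the draft's IDEA fallback is pointless there, so the planner falls back to two messages even though the fallback was requested, while alice plus carol (RSA, 2048 bits) is the only combination where a single IDEA message is worth the warning.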
