On Mon, Dec 01, 2003 at 02:48:17PM -0500, Ian Grigg wrote:
> If there are O(1000) users of the ElGamal signature
> algorithm, I'd say at first glance this does not qualify
> as a major usage.
>
> Also, if GnuPG is the *only* implementation of this,
> then that would seem to go against the spirit of the
> "two implementations" rule. (Although, not breached
> in practice, as it is only a small part, I would guess.)

With regards to this point - very shortly, GnuPG will not be an
implementation of this. The upcoming GnuPG (1.2.4) does not allow
users to do anything with Elgamal sign+encrypt keys except revoke
them. It will not encrypt to them, it will not sign with them. The
next large release (1.4) will not implement Elgamal sign+encrypt at
all.

> One thing I am not sure of - what is it useful for? In the
> sense, does it do something that is highly prized and wanted?

In the past it was a patent-free signing algorithm that wasn't limited
to a 1024 bit key and a 160 bit hash. Given that the RSA patent has
expired, I see little benefit to Elgamal signatures that RSA
signatures do not provide, and at the same time there are some
significant advantages to RSA (like speed.)
David