On Tue, 8 Feb 2005 09:42:20 -0800, Jon Callas said:
> Does anyone object to changing the MUST cipher to AES (I'd pick 128)
> and MUST hash to SHA-256?

Breaks interoperability with existing OpenPGP applications. I am not
aware of any new security problems with 3DES which would justify such
a step. Adding AES-128 as another MUST algorithm would be fine with
me but this breaks interoperability too.

SHA-256 is even worse. In addition to the interop problems,
applications using OpenPGP tools need to be changed to make use of the
longer digest. Dropping MD5 is really a good idea, but I doubt that
SHA-256 has been analyzed as much as the older algorithms. Given that
there are now doubts on the general design principle of all common
hash algorithms, I think it is a bit too early to make it a MUST.

I guess that there are other things in OpenPGP that are more
vulnerable to attacks than SHA-1. Better do a new RFC now and then
start thinking about all the open issues.

Shalom-Salam,
Werner