ietf-openpgp
[Top] [All Lists]

Re: Mandatory Algorithm Changes?

2005-02-08 14:23:02

I agree that switching from SHA1 to SHA256 seems
like a move without clear basis, given the results
from that last conference.  I think we just have to
sit it out and see what happens.

As far as AES is concerned, I'm less definately for
or against ;)

I can't see a problem directly with making it a must,
as we are now at the point where TDES is "ok if
you have to but we'd rather you didn't."  (The
comments by Steve Bellovin last week were new
for me at least.)

If both of the major OpenPGP implementations
already support it, is there any reason to doubt
the little guys will follow along eventually?

(I agree it should be AES128 that should be the
must, if it is going that way...)

iang

--
News and views on what matters in finance+crypto:
       http://financialcryptography.com/