[Top] [All Lists]

Re: Mandatory Algorithm Changes?

2005-02-09 05:20:38

Werner Koch wrote:

On Tue, 08 Feb 2005 21:27:30 +0000, Ian G said:

If both of the major OpenPGP implementations
already support it, is there any reason to doubt
the little guys will follow along eventually?

There are other implementations using OpenPGP as well.  For embedded
systems adding another MUST cipher is a problem, in particular if 3DES
is already done in (old) hardware.  There might also be the need to
implement the preferences system unless both, 3DES and AES, are
declared as fallback algorithms.

Right, in that it's a given that there are always
problems for any change.  But let's explore this
a bit more.

What is being changed (suggested) is the OpenPGP
RFC - standard.  No implementation needs to change,
and the only implementations that would want to
change would be future ones that need to adhere
to the standard.

Embedded devices don't really need to adhere
(here, I am assuming that such embedded are
totally embedded and aren't communicating
with the open email community).

Also, as time goes on, those that do not support
AES are going to raise more and more eyebrows.
I think the time is going to come fairly shortly
where I'd say "implementing AES" was more
important than "slavishly following the standard
in every detail."

Are there any little guys here would like to add
anything?  Positive or negative?

FTR: Edwin informs me that the Cryptix OpenPGP
has no objection.

(Which should be taken to mean I vote for the
change - I'm just playing the devil's advocate here.)


News and views on what matters in finance+crypto: