On Thu, 17 Feb 2005 13:36:38 -0500, David Shaw said:
Rather than end up like that, just call "new V4" "V5" instead. It is
also an opportunity to fix the handful of little details that bug
people about V4: the default cipher can be AES instead of 3DES. The
key expiration dates can be hard or soft (not just soft as in V4).
I am all in favor of this. Some time ago we even discussed that a v5
signature format would be a good idea to solve some things. We could
even address the back signature thing better with a new format.
I don't know that this should necessarily be in 2440bis, though, or
2440bis may never be released.
More than 6 years since the last RFC so it is indeed time to have a
new one, defining what the current standard is and showing a warning
that a v5 format is being worked on. This will give enough time to
work out the problems and analyze what's up with the hash algorithms.
Salam-Shalom,
Werner