On Fri, Apr 15, 2005 at 10:34:02PM +0100, Ian G wrote:
How about:
At least one MUST-implement algorithm SHOULD be in the
list.
Older implementations may deliver an empty list, and may
imply TripleDES at the end of the list. This behaviour
is deprecated.
I think this is overcomplicated. There is no way to phrase this that
is safe for old implementations - if a new implementation uses AES
instead of 3DES, older implementations lose.
Here is what I propose. It doesn't really matter right now whether
AES becomes the default in a v5 key format or by a future revision to
v4. Either way, this change is safe:
1) In section 9.2, change AES from a SHOULD to a MUST.
2) In section 12.1, change
this:
Since TripleDES is the MUST-implement algorithm, if it is not
explicitly in the list, it is tacitly at the end.
to this:
TripleDES is the current default OpenPGP algorithm, so if it is not
explicitly in the list, it is tacitly at the end.
and this:
Note that the MUST-implement algorithm, TripleDES, ensures
that the intersection is not null.
to this:
Note that the current default algorithm, TripleDES, ensures that the
intersection is not null.
or other text amounting to the same thing. The reason for this change
is that the current text refers to TripleDES as the only
MUST-implement algorithm. If we add AES as another MUST, this text is
no longer correct.
End result is to leave 3DES as the default, and make AES a MUST. In n
years, we'll either have v5 keys or can just redefine v4. Either way,
we've laid the groundwork.
David