On Wed, 15 Mar 2006 04:29:10 -0500 (EST), Ian Grigg said:
Yes, it's a concern. FTR, I agree with Hal that
we should seriously consider taking the draft out
of last call (dammit!) ... hopefully it won't take
I agree.
However, SHA-256 should not be a MUST but a SHOULD. Otherwise many
OpenPGP applications won't be compliant anymore. In particular
applications on small devices may only support the MUST algorithms.
A remark that this SHOULD will be changed to a MUST algorithm in the
future will help to explain that we really want SHA-256.
Salam-Shalom,
Werner