Jon Callas wrote:
There are not going to be (substantial) changes to 2440bis. We're far
too late for that -- and that's a process comment. We're waiting for
the IESG to decide 2440bis can go out the door. This would be a
substantial change. The 2440bis train has left the station. I
genuinely thought that went without saying, and offer that as my
excuse for not saying it.
Concur. Absolute agreement :)
But, wasn't the numbering of algorithms something that was
taken out of the document on AD request? I must be confused...
However, if someone were to write a document for Camillia in OpenPGP,
that would be a reasonable thing to do -- *after* 2440bis comes out
of the pipe. It is in fact the rough consensus of this group that
that's presently the best way to add algorithms.
As we haven't done much to add algorithms, I'd say this is
fairly open territory.
On the one hand we have plenty of numbers ...
On the other hand, we probably want some minimal proof of
need. By way of example only, 2 cooperating implementations
using an experimental number?
The reason I say that is that we would then have 2 groups
that would also cooperate to write the specification, rather
than one group that asserts "it works for me!"
...
I think the same is true with Camillia (and SEED, GOST, etc.) --
whatever the IP status is, it doesn't matter because we don't *need*
these algorithms. If the IP is so onerous that they aren't
ubiquitously deployed, that's their problem, not ours. Note that
assumes they'd be MAYs.
OK, as long as any algorithms that are patent encumbered are
MAYs that would cover my concerns.
iang