On Mon, Apr 23, 2007 at 12:48:12PM -0700, Stephan Somogyi wrote:
It seems to me that commercial OpenPGP developers may well choose
to implement some algorithms that might not be freely usable, but
they will nonetheless want to be good standards citizens and be as
diligent as possible about ensuring that there are neither ID
collisions and that other implementors use the same ID for the same
cipher.
Yes. 2440bis specifies a simple way to add new algorithms to OpenPGP.
This is the IETF CONSENSUS method as specified in RFC-2434. Boiled
down to the bare details, that method is "write it down in an RFC and
get the RFC accepted". That's really all that needs to happen to add
Camellia or any other cipher, and it's a pretty low bar.
I have no objections to adding Camellia. My only concerns are that
this is done in a new RFC (2440bis is effectively closed now), and
that the new algorithm is not a MUST (for various reasons). I don't
see that patent and/or licensing issues (if there are any) really
figure into this. The end result is that those who want to implement
Camellia will, and those who don't, won't. We already have a cipher
preference system to ensure that the two sides can interoperate
regardless of the presence or lack of Camellia.
David