On Tue, 6 Nov 2007 16:18, iang(_at_)systemics(_dot_)com said:
supposing that we do proceed to do a next generation, are we planning
on a "big" change over a 10 year cycle, or are we planning on a
"small" change with only modest fix-ups?
We should sync us with the NIST hash competition so that a new version
would be due not before 4 years from now.
Although SHA-3 will be a drop-in replacement for SHA-2, my understanding
is that there will be suggestions on new usage modes like randomization
of hashing. That requires substantial changes to OpenPGP.
Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.