[Top] [All Lists]

Re: I-D ACTION:draft-ietf-openpgp-camellia-00.txt

2007-11-27 06:20:43

The reason only 256-bit keys were proposed was due to
Hironobu SUZUKI's initial request:

key-length discussions happened here:

the final message likened the situation with only 256-bit key

HOWEVER, in addition to Daniel's technical comment in:

I personally wonder if we also should take this opportunity
to add a 128-bit key+length alternative to AES in OpenPGP,
just because there currently isn't one.

One could argue about adding 128-bit Twofish as well/instead,
as it's been around longer and also went through the deep AES
process scrutiny.  However, on Camellia's side, it is a post-AES
cipher, and so benefits from more recent insights / design
trade-offs, PLUS it has gone through the scrutiny of both
NESSIE and CRYPTREC.  In addition it's already implemented
(in both 128-bit and 256-bit lengths) in applications (e.g. the
Linux kernel and Firefox 3.0 [beta]).

One outstanding question I see: have we ever had a reply back
from NTT giving an IPR statement SPECIFICALLY for OpenPGP, as
requested by Hironobu SUZUKI here?

This was intended to clarify the general statement given here: