On Tue, Nov 27, 2007 at 05:33:09PM +0100, Ian G wrote:

> To me, this doesn't argue for 128 bit keys.  You can achieve 
> the same effect by taking 128 bits of randomness and adding 
> 128 0's on the end.

Just to rephrase: you suggest that randomness-starved platforms use fewer
bits of the key space? Fine. It's their choice, consistent with the present
wording of the standard.

> Same comments I think apply to Dani's email.

No, because in my case you would still need a different symmetric algorithm
designation. Or you need to specify in the standard that if the session key
does not fit into one public key encrypted session key packet then such and
such actions need to be taken.

The two objections against not including 128-bit versions are not equivalent.

-- 
Daniel