On Tue, Nov 27, 2007 at 05:33:09PM +0100, Ian G wrote: > To me, this doesn't argue for 128 bit keys. You can achieve > the same effect by taking 128 bits of randomness and adding > 128 0's on the end. Just to rephrase: you suggest that randomness-starved platforms use fewer bits of the key space? Fine. It's their choice, consistent with the present wording of the standard. > Same comments I think apply to Dani's email. No, because in my case you would still need a different symmetric algorithm designation. Or you need to specify in the standard that if the session key does not fit into one public key encrypted session key packet then such and such actions need to be taken. The two objections against not including 128-bit versions are not equivalent. -- Daniel