ietf-openpgp

Re: ECC in OpenPGP proposal

2008-03-04 10:21:58

On Sat, 1 Mar 2008, David Crick wrote:


On 3/1/08, Daniel A. Nagy <nagydani(_at_)epointsystem(_dot_)org> wrote:
I think, Andrey makes a very important point here. The option to use 3DES
symmetric encryption, SHA1 digest and ZLIB compression must remain open until
a formal process of phasing them out is initiated, with a clear road map.
Right now, excluding these algorithms would break interoperability in a very
bad way, as described by Andrey.

as someone said about alternative V5 key routes - let's absolutely
make sure we break it!

That was more than one person, I think, but I was one of them.

Breaking compatibility on the protocol level doesn't mean breaking it on
the actual application level. In a different thread, there was discussion
of people using "regular" DSA/EG keys and then adding a recipient who uses
ECC. So what? The application can encrypt twice, and send the properly
encrypted messages to the appropriate people.

Backwards compatibility on the protocol level means forward compatibility
on protocol level attacks. Let's not do that, eh?

[Obviously we don't want to be breaking compatibility all the time, but for
something as big as v5, that we've been talking about for almost a decade,
I think it's reasonable to both get it right, and cut the last decade+'s
legacy of cruft loose, and leave the application to support v4 and v5 if
the designer so desires. A lot of the things done in OpenPGP are, in
hindsight, missteps. Hindsight is cheap. Let's make use of it when it is
appropriate.]


--Len.


