-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I'll be just a bit softer than Werner. The obstacle to your suggestion is
adoption. You can write a document, push it through the IETF, and then you have
Serpent in OpenPGP. However, it's unlikely that many implementations would put
it in, for all the reasons people have said here. It would be little more than
your name on an RFC if no one codes it up.
On the other hand, so what? Your name on an RFC is a resume-builder. And you
could code it up yourself. If a real break comes to AES, you could end up
looking prescient.
OpenPGP is designed to be to be welcoming to new algorithms -- all you need is
a new algorithm number, really. But it's also designed to have easy rejection
of algorithms that individuals or the community don't like. The algorithm
preferences and negotiation ensures that no sender can ram something down a
receiver's throat.
The upshot of this is that if *you* want to use Serpent and some new
compression algorithm and other things, you can. But if you want *us* to do it
too, then you have to convince us. OpenPGP is both a welcoming community and a
balkanized collection of cliques. One of the very clever things we did was to
be able to be both at the same time.
Jon
-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 2.10.0 (Build 554)
Charset: us-ascii
wj8DBQFMd/mtsTedWZOD3gYRAgSAAJ98lpNoTK9ikEZRXmtvQt2Og4gx+gCeKDyx
S1MEpI4VrXQwyo9HqZS5Ko4=
=IOfu
-----END PGP SIGNATURE-----