Daniel Kahn Gillmor <dkg(_at_)fifthhorseman(_dot_)net> writes:
I'm not sure about this at all. For example, consider a system that knows
that the string is high-entropy ("good key equivalent") -- should they be
prohibited from using Simple or Salted S2K? Is this MUST really an
interoperability concern as §6 of RFC 2119 suggests?
Agreed, but it's a pretty simple fix:
Where it's likely that a low-entropy secret is being employed, a compliant
application SHOULD use [...]
Peter.
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp