There are lots of different ways of combining algorithms, doing triple
encryption, etc.
1. Many, perhaps most, do not deliver the additional protection that was
desired--
the reason why EDE is proposed in not only for compatibility with single key
encryption (that was IBM's original reason), but also because double encryption
is subject to a meet in the middle attack. Adding additional varients at this
late date,
without a very exhaustive review of what is being proposed, is fraught with
danger.
MANY of some of the best cryptographers in the public sector have fallen into
this
trap.
2. PEM is too damned late as it is, and proposing "enhancements" before we have
a working version is almost sure to be counterproductive.
3. I am increasingly concerned that a number of governments, including the US,
may
ultimately end up banning the use of reasonably good cryptography by private or
even
corporate individuals unless the keys are escrowed. It seems to me that double,
triple,
quadruple, etc., encryption just adds fuel to that (potential) fire. I find it
EXTREMELY
hard to believe that single DES isn't good enough for any purpose other than
protecting
national security. If you are a terrorist, conspirator, or hard-core criminal,
you would be
better off using something that wouldn't draw so much attention to you in any
case.
4. Conclusion: at least with respect to the basic algorithm, IT AIN'T BROKE.
DON'T FIX IT!
Instead, get it out there and in worldwide use before the opportunity escapes
us.