Re: Preparing a new draft...

[Werner Koch <wk@xxxxxxxxx>]

On Mon, 20 Aug 2001 14:15:13 -0700, Jon Callas said:

> Oh, yes, yes, yes. They are optional. The mandatory algorithms will not
> change from 2440. They are, however, needed to balance with the newer
> ciphers, or public keys bigger than 1024 bits.

Can you check that we don't have 1024 bit limit for DSA keys in
OpenPGP.

> Yeah, I know you did, and I still think it's a hack. A clever hack, but a
> hack. But hey, that's the difference between a standard and an
> implementation. You're perfectly free to do that.

Yeah.  And it is good that it is just a SHOULD rule ;-)

> I don't know, though, that will ever make the use of MDC mandatory. That
> would break backwards compatibility with anything that's gone before you.

Okay.  An implemenation can print a warning if a non MDC is used.

> I'm still incredulous that there are people who steadfastly cling to 2.6!
> At HAL2001, there were people who *still* adamantly insist that 2.6 is the
> only trustworthy PGP version. I don't get it, but I respect it. And hey,

I know and can't count the mails I wrote on the interoperability
problems due to no IDEA in GnuPG and to explain the advantages of
OpenPGP :-(

> would howl if we did. If we want to move to that as a goal, step one is to
> deprecate 2.6.

And of equal importance is to use PGP/MIME.

  Werner

-- 
Werner Koch        Omnis enim res, quae dando non deficit, dum habetur
g10 Code GmbH      et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions                                        -- Augustinus