Re: AES-256 vs AES-128

[David Shaw <dshaw@xxxxxxxxxxxxxxx>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sat, May 31, 2003 at 03:25:41PM -0700, Jon Callas wrote:
> 
> On 5/31/03 8:33 AM, "Ian Grigg" <iang@xxxxxxxxxxxxx> wrote:
> 
> > 
> > I think it's pretty clear that both AES versions
> > should stay in OpenPGP.  Until the market reaches
> > some sort of consensus that an algorithm is dead,
> > discussions on the relative strengths argument would
> > appear not to be directly relevant to OpenPGP's
> > standardisation efforts?
> 
> Just to note, OpenPGP has 3 key sizes for AES. I'd be happy to drop the 192
> one for simplicity's sake.

Please do not do this.  This can cause interoperability problems since
AES192 is already widely deployed and widely included in cipher
preference lists.

PGP 7 and 8 create keys with cipher preferences including "AES256,
AES192, AES128" in that order.  If AES192 is dropped, then the owner
of such a key will not be able to communicate with an implementation
that predates 2440bis and doesn't support AES256.

A somewhat contrived example, to be sure.  Still, I was and continue
to be in favor of trimming the hash and cipher algorithms, but it
seems bad form to remove a cipher that is already included in
countless cipher preference lists.

David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3-cvs (GNU/Linux)
Comment: http://www.jabberwocky.com/david/keys.asc

iD8DBQE+2TYD4mZch0nhy8kRAmoaAJ4p0eh0ZPkEdjqsuSqzpRFqQqAE8wCfUSDH
hHMomeDoCTFIVhR3eKX/au8=
=3vuV
-----END PGP SIGNATURE-----