patents
Werner Koch
wk@isil.d.shuttle.de
Mon, 8 Dec 1997 10:05:37 +0100
Jeremey Barrett <jeremey@bluemoney.com> writes:
> I would vote for DSA, since it is currently in PGP 5.x. Introducing
> another layer of incompatibility is not good for anyone, especially
> given that DSA is free worldwide.
If this is really true (and I don=B4t believe it especially because of th=
e
Schnorr patent) we should do it. Let=B4s see what the FSF says.
> Also, generating keys which are secure for ElGamal _signatures_ (not=20
> encryption) is considerably harder than for DSA. I believe this was
> the reason PGP, Inc chose DSA over ElGamal for signatures.
No that=B4s not true. I saw a message from Hal Finney (PGP Inc), which
said, that the key generation code for ElGamal is not good for signatures
and it is uncommented because of this - Implementing all requirements isn=
't
too much difficult (I have not yet done this - the current code generates
ElGamal keys just for the test the entire program). Because DSA is build
upon ElGamal, all security issues of ElGamal are also valid for DSA.
By the Way: DSA allows only keys up to 1024 bits; today this is enough, =
but
what's going on tomorrow - many folks are already using 2048 bits keys
(I don=B4t think that there is any need for them - but they are used).
Werner
--=20
Werner Koch, Duesseldorf - werner.koch@guug.de - PGP keyID: 0C9857A=
5