ElGamal signature values?

Jon Callas jon@callas.org
Sat Aug 18 00:14:02 2001


At 3:41 PM +0200 8/13/01, Werner Koch wrote:


>Please add a reference to section 12.5 [ElGamal] and make clear that
>the use of ElGamal signatures is not suggested.
>
I'm a little uncomfortable over proper wording here; if they're so bad, should they be there at all? I thought the present 12.5 wording was stern enough to give anyone pause. Nonetheless, I added another wording. Here's the complete paragraph: Details on safe use of Elgamal signatures may be found in [MENEZES], which discusses all the weaknesses described above. Please note that Elgamal signatures are controversial; because of the care that must be taken with Elgamal keys, many implementations forego them. How's that? Jon