ElGamal signature values?

Sat Aug 18 14:26:01 2001

On Fri, 17 Aug 2001 15:03:56 -0700, Jon Callas said:

> I'm a little uncomfortable over proper wording here; if they're so bad,

> should they be there at all? I thought the present 12.5 wording was stern

Well, we had so many discussions and I guess that there are still some
folks who have concerns about DSA so that they use ElGamal
signatures. Of course, it is there good right to do this.  OTOH this
often triggers long discussions whether there is a bug in PGP or GnuPG
when one can't check the signature.

Removing that optional algorithm is neither good because we willfor
sure start a long discussion again ;-)

>  Details on safe use of Elgamal signatures may be found in [MENEZES], which

>  discusses all the weaknesses described above. Please note that Elgamal

>  signatures are controversial; because of the care that must be taken with

>  Elgamal keys, many implementations forego them.

> How's that?

That's really nice.

Thanks,

   Werner

-- 
Werner Koch        Omnis enim res, quae dando non deficit, dum habetur
g10 Code GmbH      et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions                                        -- Augustinus