ElGamal signature values?

Werner Koch wk@gnupg.org
Sat Aug 18 14:26:01 2001


On Fri, 17 Aug 2001 15:03:56 -0700, Jon Callas said:


> I'm a little uncomfortable over proper wording here; if they're so bad,
> should they be there at all? I thought the present 12.5 wording was stern
Well, we had so many discussions and I guess that there are still some folks who have concerns about DSA so that they use ElGamal signatures. Of course, it is there good right to do this. OTOH this often triggers long discussions whether there is a bug in PGP or GnuPG when one can't check the signature. Removing that optional algorithm is neither good because we willfor sure start a long discussion again ;-)
> Details on safe use of Elgamal signatures may be found in [MENEZES], which
> discusses all the weaknesses described above. Please note that Elgamal
> signatures are controversial; because of the care that must be taken with
> Elgamal keys, many implementations forego them.

> How's that?
That's really nice. Thanks, Werner -- Werner Koch Omnis enim res, quae dando non deficit, dum habetur g10 Code GmbH et non datur, nondum habetur, quomodo habenda est. Privacy Solutions -- Augustinus