unsubscribe
Lippek, Andreas, IT-TR
Andreas.Lippek@DePfa.com
Fri May 10 07:59:02 2002
-----Original Message-----
From: Robert J. Hansen [mailto:rjhansen@inav.net]
Sent: Freitag, 10. Mai 2002 04:46
To: Brian M. Carlson
Cc: gnupg-devel@gnupg.org; rabbi@quickie.net
Subject: Re: force-v4-certs and digest-algo
> While this may be true, it is a de facto SHOULD, just like IDEA is.
Be careful. Going further down this road will lead us to the World of
Microsoft. There's a razor's edge between saying "we will support the
spec, including all SHOULDs" and saying "we will support the spec, plus
whatever additional things we feel are de-facto standards". The one way
is the Free Software/Open Source way. The other way is the Microsoft
Embrace and Extend way (q.v., their Kerberos implementation).
Unless the spec lists it as a MUST or a SHOULD, I honestly don't think
GnuPG should generate it. Be liberal in what you accept, but very
conservative in what you generate. (I know that Len says RIPEMD-160
isn't a SHOULD, and I have no reason to doubt him. However, I haven't
checked RFC2440/2015/3156 myself yet, so I'll hedge it with an
`unless'.)
> There is no reason that DSA couldn't use any other 160 bit hash.
Nevertheless,
Sure there is. If DSA used any other 160-bit hash, it wouldn't be DSA
anymore because the DSA spec demands SHA. Insofar as whether or not the
DSA spec could be changed to accept RIPEMD-160, and whether or not the
resulting system would still be secure... who knows? Cryptosystems are
fragile things; known-strong algorithms can interact with each other to
produce weak systems.
_______________________________________________
Gnupg-devel mailing list
Gnupg-devel@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-devel