Making it simple

David Shaw
Mon May 13 01:11:01 2002

On Sat, May 11, 2002 at 06:00:37AM +0000, Brian M. Carlson wrote:

> > > And, those two folks having RSA keys have no preferences
> > > whatsoever!  What is the default for this case?
> > 
> > It depends if they have v3 (PGP2-style) or v4 self-sigs.  If the
> > self-sig is v4, they have the same default preferences as any v4 key:
> > 3DES for cipher, SHA1 for hash, and ZIP+Uncompressed for compression.
> > If they have a v3 self-sig, they have no preferences at all, but
> > generally this is interpreted as IDEA for cipher, MD5 for hash and ZIP
> > for compression.
> That is, if the v3 sig is on a v3 key. If the v3 sig is on a v4 key, a
> compliant implementation MUST use 3DES, SHA1, and ZIP+Uncompressed if there
> are no preferences.

If it's a v3 sig, by definition there are no preferences. ;)

> > At least this is GnuPG's behavior.  PGP seems to ignore the compress
> > preference completely and uses ZIP for everything.
> Which is technically permitted, because the specification says that an
> implementation may use any method to choose an algorithm in the intersection.
> That is, it's ok as long as the preference is not just Uncompressed.

Not ok - PGP uses ZIP even if the preference is Uncompressed.


   David Shaw  |  |  WWW
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson