cipher ID's

Robert J. Hansen rjh at sixdemonbag.org
Wed Jun 25 00:22:18 CEST 2008


vedaal at hush.com wrote:
> reserved for what?

Future use.  Hate to give an answer that's so glib, but that's what it
is.  As of right now, I don't believe there's any consensus on what will
ultimately go there, or if they will ever be used -- but the spec is
including "room to grow", as it were, by telling every implementation
author "don't use those codes for your own OpenPGP extensions, we may
use them someday".

> and why couldn't they just be added later in sequence after whatever
> the last accepted algorithm is?

People add ciphers to the OpenPGP suite which are not explicitly
included in the spec.  E.g., Camellia right now, or the people who are
experimenting around with ECDSA, or... etc.

If it was just "add it to the end", then every experimental OpenPGP
platform out there would have problems.  If S14 (to pick a random unused
cipher number) is an experimental implementation of RC6, then what
happens when AES-256.5 (a full 1.414 times stronger than AES256!) gets
assigned to S14?

Fine, the experimental group moves up to S15.  But all of the traffic
they've already generated is still marked as S14.  That means when they
try to decrypt their traffic, they'll be decrypting it with AES-256.5
instead of RC6.  Which means decryptions will fail.  Which means ugly
kluges will have to be written to handle this.  And... etc., etc.

It's easier on everyone if it's done OpenPGP's way.

(Note -- while RC6 is a real algorithm, AES256.5 is not; it's firmly
tongue in cheek.)
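
The S14 collision described in the message above, as an added example that is not part of the original post or of any OpenPGP implementation. The function names are hypothetical, and the ID table and the 100-110 private/experimental range are taken from RFC 4880 section 9.2 rather than from the post.

```python
# IDs from RFC 4880 section 9.2 (assumption: not listed in the post itself).
ASSIGNED = {0: "Plaintext", 1: "IDEA", 2: "TripleDES", 3: "CAST5",
            4: "Blowfish", 7: "AES128", 8: "AES192", 9: "AES256", 10: "Twofish"}
RESERVED = {5, 6}             # held back by the spec for future use
PRIVATE = range(100, 111)     # 100-110: private/experimental algorithms


def classify(algo_id):
    """Say which part of the ID space a cipher ID falls in."""
    if algo_id in ASSIGNED:
        return "assigned"
    if algo_id in RESERVED:
        return "reserved"
    if algo_id in PRIVATE:
        return "private"
    return "unassigned"


def register_experimental(table, algo_id, name):
    """Return a copy of `table` with `name` added; only private-range IDs pass."""
    kind = classify(algo_id)
    if kind != "private":
        raise ValueError(f"S{algo_id} is {kind}; the spec may hand it out later")
    if algo_id in table:
        raise ValueError(f"S{algo_id} already maps to {table[algo_id]}")
    return {**table, algo_id: name}


def resolve(table, algo_id):
    """What a decoder does with the cipher ID stored in a message."""
    if algo_id not in table:
        raise ValueError(f"unknown cipher S{algo_id}")
    return table[algo_id]


def squatting_scenario():
    """The post's S14 case: same stored ID, two different ciphers over time."""
    experimental = {**ASSIGNED, 14: "RC6"}       # constructed: squats on S14
    stored_id = 14                               # ID written into old traffic
    later_spec = {**ASSIGNED, 14: "AES-256.5"}   # the post's joke cipher
    return resolve(experimental, stored_id), resolve(later_spec, stored_id)


if __name__ == "__main__":
    print(squatting_scenario())
    print(resolve(register_experimental(ASSIGNED, 100, "RC6"), 100))
```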




