David Shaw dshaw at
Tue Sep 23 15:19:36 CEST 2008

On Sep 23, 2008, at 8:44 AM, Werner Koch wrote:

> On Tue, 23 Sep 2008 14:00, jmoore3rd at said:
>> proper code lines. <Hee Hee>  While 'interoperability' testing has  
>> not
>> occurred; I have been able to successfully utilize Camellia without
> Again: Please do not use this cipher for anything other than pure
> interop testing.  The identifier assigned to Camellia may still be
> changed and it would render all your messages unreadable with future
> versions.

It's even worse than that - the identifier for Camellia has changed  
twice already, just during the process of debating the draft.  The  
first draft had only Camellia256.  The second draft had Camellia192  
and Camellia256.  Only now is there the full set of 128, 192, 256.   
Any messages encrypted from either of those two earlier versions are  
not decryptable now, and we haven't even left the draft stage yet.   
Anyone using Camellia in OpenPGP at this stage is asking for it.

> I also wonder why so many people are interested in it.  The sole  
> purpose
> of including Camellia is for Japanese governmet requirements. This is
> much the same as we would have to disable Camellia for stuff to be  
> sold
> to the US government.  These are no technical or cryptograhical  
> reasons,
> but plain political/organizational.

That's exactly it.  Camellia is a very popular algorithm in Japan.   
Including it doesn't buy us much new from the cryptographic  
perspective as we already have strong 128-bit ciphers in OpenPGP, but  
it does buy us something from the usage perspective.  It is good for  
the OpenPGP "ecosystem".

For those who are curious:


More information about the Gnupg-users mailing list