RE: WARNING!

[nobody@ds1.wu-wien.ac.at]

+++++++++++++++++++++++++++++++++

dcosenza@netcom.com wrote:

> I spoke with Phil Zimmermann today at some length, and he has informed me 
> that users who decide to use the jumo keys generated by the hack of 2.6ui 
> will be running a risk of incompatibility on down the line with future 
> releases he has planned. You have been warned!
> 
> Ever forward,

Doesn't part of "ever forward" sometimes involve something "non-standard"
and "running the risk of incompatibility"?  Unless there's something flawed
with the implementation of longer keys, why shouldn't the first to implement
them become the de-facto standard?  If a leter release turns out to be
incompatible with an older one, but it's cryptographically superior, then
it's time to switch, even if it means generating and distributing new keys.
Anyone concerned enough about security to want the "latest and greatest"
crypto package, with longer/stronger keys or whatever, should already be
practicing good key management and generating new keys periodically, anyway.

My only concern would be whether the implementation of longer keys might
possibly "push the envelope" of the math routines used, and thus introduce
subtle, hidden weaknesses.  Two examples might be an RNG that became
non-random with larger numbers, or a primality tester that failed to detect
larger non-primes.  If you have evidence for any of those scenarios, I'd
love to hear it.  Personally, I'm staying with PGP 2.3a until the dust
settles a bit.  I've FTPed the RSAREF 2.6 release, and it remains in its
zipped archive for now.

Just as an aside, can some of the PGP-aware-anon-remailer operators comment
on what they plan to do with respect to the various PGP versions?

++++++++++++++++++++++