Neva Remailer wrote:
What do you think about celebrating the expiration of the Diffie-Hellman patent by getting all the PGP users in the world to switch to DSS/DH keys all at once?
From www.rsa.com on DSS ... DSA has been criticized by the computer industry since its announcement. Criticism has focused on a few main issues: it lacks key exchange capability; the underlying cryptosystem is too recent and has been subject to too little scrutiny for users to be confident of its strength; verification of signatures with DSA is too slow; the existence of a second authentication standard will cause hardship to computer hardware and software vendors, who have already standardized on RSA; and the process by which NIST chose DSA was too secretive and arbitrary, with too much influence wielded by NSA. And from www.rsa.com on the ElGamal variation of Diffie-Hellman... The main disadvantage of ElGamal is the need for randomness, and its slower speed (especially for signing). Another potential disadvantage of the ElGamal system is that message expansion by a factor of two takes place during encryption. However, such message expansion is negligible if the cryptosystem is used only for exchange of secret keys. So, before you run off to play with your new toys, read the warranty first. Also there are platforms that PGP 5.0 doesn't cover yet that PGP 2.6.3i already does, such as: MS-DOS, OS/2, Amiga, Atari, Macintosh, BeOS and Linux. Until such a time, a world-wide conversion seems unlikely.