Anonymous is alleged to have said:

: > Yes, but the point of the reply, is that PGP signatures SHOULD : > be used by sysops. : Hmmm... why PGP, as opposed to the FIPS Digital Signature Standard? Yes, you can use the DSS (unless it is given away to PK partners, that is).

No, you can't use the DSS. The reason NIST was getting into confusion about whether they have to give it to PKP is that PKP says that it infringes on Schnorr's patent, which they recently bought up; assuming that's true technically (I haven't looked in a while), this means you need a license from PKP to use DSS. Unlike RSA, which the government has some rights to use because it partially funded their work, even the government doesn't have rights over Schnorr's work, since they didn't fund it, so the NIST is in deeper yogurt with DSS than with RSa signatures. You can still use DSS for research and the usual things you can use patents for without a license, but you can do the same with PGP. RIPEM can be used free non-commercially in the US+Canada under the RSAREF license terms, and RIPEM-SIG can even be exported. (Now all we need to do is find a way to get RIPEM-SIG to do key exchange and message encryption as well as signatures and patch it into PGP :-) (presumed not possible...) Bill