CDR: Re: Phil Zimmerman Profiled

Ulf Möller ulf at fitug.de
Thu Nov 9 08:42:17 PST 2000


> these days. However, he sees his contribution as critical, believing
> that "encryption software architectural decisions must be made by
> knowledgeable cryptographers, not software engineers." He has very
> firm opinions, for example, about Gnu Privacy Guard (GnuPG), an open
> source competitor to PGP. There's no doubt in Zimmermann's mind that
> GnuPG suffers for being managed by programmers. He offers the Blowfish
> encryption method as an example: "I would never, ever allow Blowfish
> to be implemented in PGP, because it's not as good a design as
> Twofish; Twofish is superior. PGP 7 implements Twofish. Yet we see
> GnuPG implemented Blowfish."

> Even the Internet Engineering Task Force (IETF) makes cryptographic
> mistakes, he says. Zimmermann asserts, "I would never allow El-Gamal
> signatures to be put in PGP. I don't know how that got in" RFC 2440,
> which defines the OpenPGP standard.

It is the "knowledgeable cryptographer" Zimmermann who is responsible for
the broken DSA signatures in PGP.  And Additional Decryption Keys are okay,
but Blowfish is an unacceptable security risk? What a moron.




