Re: [ANNOUNCE] PGP 5.0 Freeware is available from MIT

Rohit Khare (
Tue, 17 Jun 1997 03:05:42 -0400 (EDT)

> Um, which digital signature standard is he referring to? I thought this
> was still an open working item for the W3C.
> - Jim

Pshaw, as if W3C has a saw in cryptography development. DSS is a
government signature algorithm, with all the usual suspicious baggage
attached to Gov't developed crypto (they mysteriously replaced the
constituent Secure Hash Algorithm with SHA-1 soon after it was
released...). It's based on logs, like El Gamal, so it's ONLY good for
signature, not PK encryption. There was proof of a possible covert
channel in DSS since, oh, 1994 at least.

But it is a Gov't standard, so we roll with it.

What W3C *DOES* have a say in is meta: how to wrap and present sig
cryptography in the context of a PICS label. The crypto guts (packing,
bit choices, etc) will probably always remain in some other group's
hands (or should, anyway).