[EMAIL PROTECTED] wrote:
reserved for what?
Future use. Hate to give an answer that's so glib, but that's what it is. As of right now, I don't believe there's any consensus on what will ultimately go there, or if they will ever be used -- but the spec is including "room to grow", as it were, by telling every implementation author "don't use those codes for your own OpenPGP extensions, we may use them someday".
and why couldn't they just be added later in sequence after whatever the last accepted algorithm is?
People add ciphers to the OpenPGP suite which are not explicitly included in the spec. E.g., Camellia right now, or the people who are experimenting around with ECDSA, or... etc. If it was just "add it to the end", then every experimental OpenPGP platform out there would have problems. If S14 (to pick a random unused cipher number) is an experimental implementation of RC6, then what happens when AES-256.5 (a full 1.414 times stronger than AES256!) gets assigned to S14? Fine, the experimental group moves up to S15. But all of the traffic they've already generated is still marked as S14. That means when they try to decrypt their traffic, they'll be decrypting it with AES-256.5 instead of RC6. Which means decryptions will fail. Which means ugly kluges will have to be written to handle this. And... etc., etc. It's easier on everyone if it's done OpenPGP's way. (Note -- while RC6 is a real algorithm, AES256.5 is not; it's firmly tongue in cheek.) _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
