-----BEGIN PGP SIGNED MESSAGE-----
In <5llnzc4pie(_dot_)fsf(_at_)assaris(_dot_)pdc(_dot_)kth(_dot_)se>, on
10/29/97
at 03:23 PM, Assar Westerlund <assar(_at_)sics(_dot_)se> said:
No.
It'll make if difficult for US companies to export it. But that's their
problem.
This IETF wg is supposed to make a _specifcation_ that then can be
implemented in different places.
Absolutely,
*ANY* strong encryption algorithm that we select will run afoul of export
restrictions.
Myself I would like to see a minimum symmetric key size written in to the
specs to avoid people using the OpenPGP name for silly things like RC2/40
and DES/40. This of course would need to be periodically reviewed to keep
up with computer and cryptology advances.
The mandating of RC2/40 was the biggest reason I rejected S/MIME and still
refuse to support it in any of my products.
Key strength, IMNSHO, is the most serious security issue this spec will
face.
- --
- ---------------------------------------------------------------
William H. Geiger III http://www.amaranth.com/~whgiii
Geiger Consulting Cooking With Warp 4.0
Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 2.6.3a at: http://www.amaranth.com/~whgiii/pgpmr2.html
- ---------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: cp850
Comment: Registered_User_E-Secure_v1.1b1_ES000000
iQCVAwUBNFdw949Co1n+aLhhAQED9wQAqIfvj+nzN2vRcTTPTPbv+A5QXIoxL/kz
uZGrvRSOcEASsEvvlh4msgE/5Ne2/1o6Cb5e9YJ3651KydBMGXCmlQ+hn1v87RTr
/sCTc5+ktJZY9naBYubINCPYflInh1YKRPK8TkAoV27L0B3WuLnx8pXZJxS6NUTn
QvLzqWu4tAk=
=c+FV
-----END PGP SIGNATURE-----