ietf-openpgp
[Top] [All Lists]

Re: Symmetric Algorithm

1997-10-29 10:27:01
-----BEGIN PGP SIGNED MESSAGE-----

In <5llnzc4pie(_dot_)fsf(_at_)assaris(_dot_)pdc(_dot_)kth(_dot_)se>, on 
10/29/97 
   at 03:23 PM, Assar Westerlund <assar(_at_)sics(_dot_)se> said:

No.

It'll make if difficult for US companies to export it.  But that's their
problem.

This IETF wg is supposed to make a _specifcation_ that then can be
implemented in different places.

Absolutely,

*ANY* strong encryption algorithm that we select will run afoul of export
restrictions.

Myself I would like to see a minimum symmetric key size written in to the
specs to avoid people using the OpenPGP name for silly things like RC2/40
and DES/40. This of course would need to be periodically reviewed to keep
up with computer and cryptology advances.

The mandating of RC2/40 was the biggest reason I rejected S/MIME and still
refuse to support it in any of my products.

Key strength, IMNSHO, is the most serious security issue this spec will
face.

- -- 
- ---------------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    Cooking With Warp 4.0

Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 2.6.3a at: http://www.amaranth.com/~whgiii/pgpmr2.html                 
       
- ---------------------------------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: cp850
Comment: Registered_User_E-Secure_v1.1b1_ES000000

iQCVAwUBNFdw949Co1n+aLhhAQED9wQAqIfvj+nzN2vRcTTPTPbv+A5QXIoxL/kz
uZGrvRSOcEASsEvvlh4msgE/5Ne2/1o6Cb5e9YJ3651KydBMGXCmlQ+hn1v87RTr
/sCTc5+ktJZY9naBYubINCPYflInh1YKRPK8TkAoV27L0B3WuLnx8pXZJxS6NUTn
QvLzqWu4tAk=
=c+FV
-----END PGP SIGNATURE-----


<Prev in Thread] Current Thread [Next in Thread>