At 09:38 AM 3/10/98 -0500, William H. Geiger III wrote:
<sigh> you are missing the point. The fact that RSA/RC4 has been droped is
irrelevant. If you implementation only uses DH/DSS and everyone else is
using RSA then who are you going to talk to? If all the users of Netscape,
S/MIME v3 is going to make DH/DSS mandatory. v3 will be an IETF standard.
Hence anyone claiming to be standards compliant will be required to support
the
non-RSA algorithms.
it plain in no uncertian terms that they will *not* be supporting these
unencumbered algorithms and their position is that DH/DSS is "untested"
and "insecure" (Their basic position is if it's not from RSADSI it's not
"secure").
Such a marketing position from RSADSI is hardly newsworthy. What else do you
expect them to say? Since there is no indication that the bulk of the IETF
security community concurs with this assessment, it really is nothing more
than
marketing hype.
What matters, now, are only two things: One is the set of requirements in the
emerging IETF S/MIME standard and the second is whether it gets implemented in
deployed product. As of now, it appears very, VERY likely that non-RSA
defaults WILL get deployed for S/MIME.
d/
__________________________________________________________________________
Dave Crocker Brandenburg Consulting +1 408 246 8253
dcrocker(_at_)brandenburg(_dot_)com 675 Spruce Drive (f) +1 408
249 6205
www.brandenburg.com Sunnyvale, CA 94086 USA