cbreed(_at_)pgp(_dot_)com said:
3. Unfortunately, the MUST profile (for interoperability), will be US
export controlled. US export requirements should NOT be imposed upon
an international standards organization. (Why should someone in Japan
be forced to uses 40-bit weak crypto to communicate with someone in
Germany, if their profile is unknown?) It is more dangerous to resort
to weak crypto than nothing
What I find very difficult to understand is, why the technology:
- which is the defacto standard
- the most widely used (world wide)
- which is not suffering from the US-export equirements (as it is already
available outside US)
- which allows almost arbitrarily strong crypto
is not considered for the MUST technology?
Another thing, is it not true, assuming the technology is available, that
nothing prevents a user in US and a user outside US to communicate using
stong crypto ( e.g. 128 bit keys)?
/Frederik
--
------------------------------------------------------------------
Frederik H. Andersen Phone: +45 42 84 50 11
Dansk Data Elektronik A/S Fax: +45 42 84 52 20
Herlev Hovedgade 199 Email: fha(_at_)dde(_dot_)dk (MIME accepted)
DK-2730 Herlev, DENMARK
PGP Fingerprint: 6B BC FB 45 E4 69 CE A2 63 E1 62 1F 0C 65 C2 E4
------------------------------------------------------------------