There seems to be some distorted logic in negotiations using 40 bit
algorithms
1. We all know 40 bits is not secure enough and can be easily
broken, so what is the point of negotiating to a higher level
algorithm with security using 40 bits ??!! might just as well be in
the open (not encrypted at all).
2. If indeed we need to ""securely negotiate"" for an strong
algorithm, then we might as well use the negotiation algorithm itself
for our transaction if we believe that algorithm is ""secure""
(meaning strong enough to resist breaking and that gives us confidence
in the security)
David Gaon
______________________________ Reply Separator _________________________________
Subject: Re: Alternative symmetric algorithm freely available for IET
Author: Laurence Lundblade <lgl(_at_)qualcomm(_dot_)com> at smtp
Date: 4/17/97 12:31 PM
Peter, what's the (US) export status of CAST? I understand one of the
reasons RC2 is attractive is that it has been cleared with the US commerce
department for easy export at 40 bits. RC2's ease of export was cited as
one of the main reasons for it's use at the IETF BOF.
LL
At 11:10 AM -0400 4/16/97, Peter Whittaker wrote:
It has been suggested that the IETF consider specifying an alternative
"MUST" symmetric encryption algorithm in its version of S/MIME. One of
the alternatives is CAST. Entrust Technologies announced in January that
it was making CAST available. From the press release:
<stuff deleted>
Peter Whittaker Entrust Key Validation Sequence: 7ORS-NGND-P6ZX
Senior Designer, PKI mailto:pww(_at_)entrust(_dot_)com Phone: +1 613 765
2064
Entrust Technologies http://www.entrust.com Fax: +1 613 765 3520