To further this, I propose the following:
SSSL (Semi-Secure-Sockets-Layer) for implementations that can only
implement 40-bit RC2 / RC4. This, of course, would be in TLSS
(Transport-Level-Semi-Security) also. We can work on the acronyms.
These are in use in all of the exportable web servers / browsers from
Netscape and Microsoft.
Just to be consistent.

From: Charles Breed [SMTP:cbreed(_at_)pgp(_dot_)com]
Sent: Thursday, April 17, 1997 12:21 PM

If we're all hell-bent on an international interoperable
"MUST" profile for S/MIME, let's not lead the naive to think
it's "Secure". We all know a brute-force attack against a 40-bit
cipher can yield clear text in a short amount of time, so I
believe we (the IETF community) have a moral obligation to inform
the millions of "unsuspecting" users as to the vulnerability of the
US/MIME, this spec has ONLY one profile, RSA, RC2-40, SHA-1 and
it will be known as the un-secure or US export spec. (or maybe
S/MIME+ will have a strong "MUST" profile, RSA Public Key with
a minimum 1792 bit to match a symmetric cipher (3DES, CAST) of
112 bits with SHA-1. This "MUST" profile allows international
interoperability as well, it just limits US companies to export.
S/MIME will continue to have other profiles using the defined OIDs.
(Yup, it's US export controlled, but ya better take that up with
the US Department of Commerce, not the IETF)