I vote that we never force a "MUST" with weak 40-bit crypto,
Let's not lead the naive to think it's "Secure".
We all know a brute-force attack against 40-bit
cipher can yield clear text in a short amount of time, so I
believe, we (the IETF community) has a moral obligation to
the millions of "unsuspecting" users AND we "MUST" have a
spec that protects their content, (as one would think a Secure
Product would...)
Charles Breed
At 07:47 PM 4/17/97 -0700, you wrote:
I'd like to second the motion to split the RC2/40 discussion into two
parts. Please note the subject of this part, and reply with this subject if
you want to talk about whether or not the S/MIME spec should have a MUST
or a SHOULD that includes 40-bit encryption.
--Paul E. Hoffman, Director
--Internet Mail Consortium