Yes, I understand that two *particular* implementations can
interoperate. But can *any* two implementations interoperate? No.
Because of US export regulation, you can't possibly answer that question
yes, because there will be a vendor that does not implement the
export-only algorithm unless that algorithm is labeled MUST.
It would be ridiculous for me to say that you had no interoperability at
all -- there is always "identity" interoperability with your own product
(I hope!). I'm sorry if my language wasn't precise. Of course, I may
have been trying to be ridiculous also -- it happens :).
From: Raph Levien [SMTP:raph(_at_)acm(_dot_)org]
Sent: Thursday, April 17, 1997 10:00 PM
To: Blake Ramsdell
Cc: 'Paul E. Hoffman'; 'ietf-smime(_at_)imc(_dot_)org'
Subject: RE: Alternative symmetric algorithm freely
(re: RC2 licensing).
On Thu, 17 Apr 1997, Blake Ramsdell wrote:
I understand that there is a faction that says that RC2 40-bit should
just be changed from MUST to SHOULD. This will cause a lack of
interoperability. I further understand that there is a faction that
says that RC2 should be removed completely from the algorithm suite.
This will also cause a lack of interoperability.
These statements are simply not true. There is nothing that prevents a
non-US company from developing a product containing strong crypto. In
fact, for SSL, this has already been done. There is also an independent
implementation of PGP.
RC2 may actually make interoperability worse, because companies may need
to license the RC2 code from RSA to be 100% kosher, and the US may
prohibit RSA from exporting this license.
What will really kill interoperability for sure is splitting S/MIME into