The only 40-bit debate that exists in my mind is how to make sure that
every client has the ability to encrypt and decrypt messages to and from
any S/MIME client. And unfortunately, this means mandating the ability
to encrypt and decrypt using a 40-bit key. Using 40-bit encryption
would meet this (almost) working group's goal of having an interoperable
standard, and satisfy the needs of US S/MIME companies that would like
to export their products.
I understand the "40 bits sux" argument and all the other
fist-and-lightning-bolt / my-lock-my-key / golden-key / whatever
opinions. The simple fact is, just because it's required, doesn't mean
you are required to use it if you can use something else. And just
because you use it, doesn't mean that you can't put up a big warning
screen that says "WARNING: THIS MESSAGE IS ABOUT TO BE SENT USING
40-BIT ENCRYPTION. IT HAS BEEN THEORIZED THAT YOU COULD BUILD A REALLY
BIG COMPUTER THAT CAN DECRYPT IT REALLY QUICKLY, BUT NO ONE HAS REALLY
DONE IT YET, OR AT LEAST THEY HAVEN'T ADMITTED TO IT. ACTUALLY, IAN
BROKE A 40-BIT KEY IN ABOUT THREE HOURS, BUT I THINK HE USED MORE THAN
ONE MACHINE AND HE SKIPPED LUNCH."
The point is, that the user has the CHOICE to read a message that came
from some dumb, crappy export-only version of some wanker American's
product, and the user has the CHOICE to send a message back to that same
person. This is most easily accomplished by having a 40-bit algorithm
specified as a MUST in the spec.
Some of the wanker American products, by the way, are from pretty
high-volume companies. We can certainly dump 40-bit out of the MUST,
but at that point, you have just broken interoperability with those
products.
And just because it isn't a MUST in the spec, doesn't mean that people
won't implement it, so the moral argument against 40-bit encryption is
moot. They're (we're) gonna do it anyway. We're not misleading our
customers -- we tell them flat-out about the export limitations and the
relative weakness of 40-bit keys are. If they don't like it, then they
go to another (presumably non-US) vendor that can give them what they
want. They're not stupid.
Blake
-----Original Message-----
From: Paul E. Hoffman [SMTP:phoffman(_at_)imc(_dot_)org]
Sent: Thursday, April 17, 1997 7:48 PM
To: ietf-smime(_at_)imc(_dot_)org
Subject: The 40-bit debate
I'd like to second the motion to split the RC2/40 discussion into two
parts. Please note the subject of this part, and reply with this subject if
you want to talk about whether or not the S/MIME spec should have a MUST
or a SHOULD that includes 40-bit encryption.
--Paul E. Hoffman, Director
--Internet Mail Consortium