[Top] [All Lists]

Re: The 40-bit debate

1997-04-17 23:56:09
The only 40-bit debate that exists in my mind is how to make sure that
every client has the ability to encrypt and decrypt messages to and from
any S/MIME client.  And unfortunately, this means mandating the ability
to encrypt and decrypt using a 40-bit key.  Using 40-bit encryption
would meet this (almost) working group's goal of having an interoperable
standard, and satisfy the needs of US S/MIME companies that would like
to export their products.

Instead of using 40bit RC2 to provide an illusion of security, why not
ship using the identity algorithm, xor with 0, named 'No Security',
and be done with it.  At least that way those people with out the
desire to know any technical details will not be deluded into thinking
they are making a secure exchange.  This will have the advantage of
being exportable.


<Prev in Thread] Current Thread [Next in Thread>