A lot of this discussion seems to be aimed at:
1. Protecting RSA's "investment" in S/MIME
2. Protecting US companies from international competition.
Perhaps we could specify a 2 level spec ? :
Level 1 : Must implement a 40 bit key (using DES or whatever)
Level 2 : Incorporates Level 1 *and* must implement a 128+ bit key using
<xyz>
If we were being honest we could label it "Insecure/MIME" & "Secure/MIME"
<g>
This way everybody would have a base level of compatibility, US companies
could sell S/MIME in the US and export I/MIME (basically what happens now),
Non-US companies could sell S/MIME everywhere plus exporting to the US.
The only loser would be the US companies who can't export S/MIME (a
ridiculous situation).
I would be perfectly happy with that.
--
Lindsay Mathieson
Black Paw Communications