I guess I should have been more specific when I started this thread. What I
should have said was:
After reading the current draft (which is available at
<http://www.imc.org/draft-dusse-smime-msg>), please use the above subject
line when replying about whether or not the S/MIME spec should have a MUST
or a SHOULD that includes 40-bit encryption.
It's clear to me that some people who are replying on this list haven't
read the draft since they didn't know that the draft has two profiles, a
"restricted" one that has 40-bit only and an "unrestricted" one that has
both 40-bit and tripleDES. Section 2.6 of the draft clearly says when the
restricted profile should be used, and that's pretty damn rarely.
Now, I'm not saying that the current draft is the best solution,
particularly since profiles have caused horrible problems for IETF-blessed
email in the past, but I believe that this can be worked out for S/MIME.
So, everyone, please read the draft, particularly Section 2.6 and all of
its subsections, and continue to comment on the 40-bit MUST/SHOULD/MAY
issue.
--Paul E. Hoffman, Director
--Internet Mail Consortium