Re: The 40-bit debate

1997-04-21 13:52:16

Raph Levien said:
     I should clarify one other point: even listing at least one exportable 
     algorithm as MUST won't guarantee full interoperability. The remaining 
     issue is RSA key length. Unless something happened to the export regs 
     that I'm not aware of, US-export software is still restricted to 
     512-bit RSA keys. Therefore, this software won't recognize signatures 
     made with unrestricted software, and can't be used to send encrypted 
     messages to unrestricted agents. I'm not sure whether this is still 
     interoperability or not (I'm not trying to be funny here - I think the 
     underlying problem is that we haven't agreed on exactly what 
     "interoperability" means).

The key sizes associated with signatures are not controlled.  The vendor 
must show that the signature cannot be used for key management, but once 
this easy task is accomplished, there are no controls on signature 


