Raph Levien said:
I should clarify one other point: even listing at least one exportable
algorithm as MUST won't guarantee full interoperability. The remaining
issue is RSA key length. Unless something happened to the export regs
that I'm not aware of, US-export software is still restricted to
512-bit RSA keys. Therefore, this software won't recognize signatures
made with unrestricted software, and can't be used to send encrypted
messages to unrestricted agents. I'm not sure whether this is still
interoperability or not (I'm not trying to be funny here - I think the
underlying problem is that we haven't agreed on exactly what
"interoperability" means).
The key sizes associated with signatures are not controlled. The vendor
must show that the signature cannot be used for key management, but once
this easy task is accomplished, there are no controls on signature
mechanisms.
Russ