Russ has requested that I summarize the results of the RC2 keylength
strawpoll and close out this issue. Unfortunately, the strawpoll
reached no clear consensus. (It's pretty much dead even).
Consequently, we're going to leave things more or less as-is. RC2
keys MUST be 16 octets, both when used as KEKs (the output of DH
computations) and MEKs. Implementations SHOULD accept other length
MEKs when RSA encrypted, in the interest of backwards compatibility.
If you have an objection to this (admittedly flawed) decision
procedure (I.e. I as document editor just decide), speak up now.
This isn't the time for substantive technical argument, however.
Thanks,
-Ekr
[Eric Rescorla ekr(_at_)rtfm(_dot_)com]