Steve & Eric:
The key-encryption key is generated by the key agreement algorithm or
distributed as a mail list key. With key agreement, the minimum
number of bits needed to form the key-encryption key must be used.
As an example, only the first 40 bits of Diffie-Hellman generated
keying material are used for a RC2/40 key-encryption key.
This appears to be the "RC2 key length X/8" option. This adds the
restriction that X/8 must always be used in mixed DH+RSA messages though
just RSA need not be restricted to X/8. Or am I misinterpreting this?
How about:
The key-encryption key is generated by the key agreement algorithm or
distributed as a mail list key. For key agrement of RC2 key-encryption keys,
128 bits must be generated as input to the key expansion process used to
compute the RC2 effective key [RFC 2268].
Russ