-----Original Message-----
From: Al Arsenault [mailto:aarsenault(_at_)spyrus(_dot_)com]
Sent: Monday, November 23, 1998 5:01 AM
To: Blake Ramsdell; ietf-smime(_at_)imc(_dot_)org
Subject: RE: Comments on MSG spec
At 03:44 PM 11/20/98 -0800, Blake Ramsdell wrote:
<snip>
By the way, I think that the 3DES reference sucks (a 1979
IEEE Spectrum
article?). Any suggestions?
The IEEE Spectrum article is usually cited to give Tuchman
credit for the
work; I think it's the first published description of 3DES.
(Schneier uses
that reference, too.) However, if you're looking for
something better, Ford
& Baum cite ANSI X9.52, "Triple Data Encryption Algorithm Modes of
Operation", 1997. I had thought that X9.17 covered it, too,
but I can't
find my copy of X9.17 at this moment. The ANSI refs are
probably better
than Tuchman, in that they give you a single place that
describes both DES
and 3DES.
I guess my point was more along the lines of "I need that which is necessary
and sufficient to implement the triple-DES algorithm as it is used in
S/MIME". If ANSI X9.52 is publicly available in a known or easy-to-find
location, then that would make a great reference.
If it's not, I'd like to find (or create) something that is. I looked at
TLS and they have the same reference, which I can't find.
Am I too lofty in my goals?
I believe that the theory here is that RC2 is or was a
trademark of RSADSI,
and so use of that trademark (that little (r) in the title
of RFC2268)
seemed to indicate that "if you had another algorithm with a
different name
that behaved exactly the same way, you'd be free and clear from any
potential IP concerns using RC2 in box copy, etc."
Now that I remember what this is all about, I'd like to agree
with Paul's
suggestion: kill the "or a compatible algorithm" stuff.
So the (r) is not a concern? Just asking.
Blake
--
Blake C. Ramsdell
Worldtalk Corporation
For current info, check http://www.deming.com/users/blaker
Voice +1 425 882 8861 x103 Fax +1 425 882 8060