Eric:
I am comfortable mandating the effective and real key lengths are the same
for the calculation of the key-encrypting key. If some policy wants to use
a reduced effective key length for the content-encryption key, thsi can
still be accomodated.
Russ
At 09:14 AM 2/22/99 -0800, Eric Rescorla wrote:
Here's some analysis on the RC2 effective key issue, thanks to Burt Kaliski.
[...]
Clearly we do have to defend against the partition attack on effective
key lengths.
As John suggests, I propose that we place the RC2 effective key
length into the the suppPubInfo. However, this leaves us with
an unfortunate inconsistency, in that for some algorithms it's
the length and some it's the effective length. One solution
to this would be to revert to what Stephen Henson has termed
the X/8 strategy. I.e. make the effective and real lengths
the same for RC2. This is slightly more tasteful than having
a bunch of special case language.
Comments? I'd like to get this settled quickly.
-Ekr
[Eric Rescorla ekr(_at_)rtfm(_dot_)com]