[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Symmetric Algorithm

To: "'WengFatt Fong'" <wffong@xxxxxxxxxx>
Subject: RE: Symmetric Algorithm
From: Sam Simpson <ssimpson@xxxxxxxxxxxxx>
Date: Wed, 29 Oct 1997 14:56:56 -0000
Cc: "'ietf-open-pgp@xxxxxxx'" <ietf-open-pgp@xxxxxxx>
Sender: owner-ietf-open-pgp@xxxxxxx

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

All algorithms within PGP (CAST,IDEA & 3DES) have keys >40 bits and
are thus unexportable from the US.  What stops people from producing
the programs outside of the US (Hint: nothing!).  This is supposed to
be a standard being defined, not a program hence export issues
shouldn't be considered.

If export restricions were a consideration then the assymetric
algorithms (RSA/DH) will also never get export licenses at their
current lengths.

- -----------------------------------------------------------------
Sam Simpson, Network Administrator & M.Sc. Info Security Student
E-Mail: ssimpson@xxxxxxxxxxxxx

Home Tel/Fax: +44 (0)1438 726069     Work Tel: +44 (0)1992 479490

PGP DSS/DH key (1024 DSS/3072 DH):            Key ID:  0x433FDB4F 
  Fingerprint: EC90 207C 6392 3ED0 02A6  7D6C ED2D CBC1 433F DB4F
PGP 2048-bit RSA key:                         Key ID:  0x560D21A9
  Fingerprint: 5230 1896 D999 A4F0  1F31 937E F311 D469
- -----------------------------------------------------------------

On 29 October 1997 13:44, WengFatt Fong [SMTP:wffong@xxxxxxxxxx]
wrote:
> Making Triple-DES a MUST will render this unusable outside of North
America.
> Triple-DES requires a US Export licence.
> 
> Weng Fatt  Fong
> 
> 
> owner-ietf-open-pgp@xxxxxxx on 28/10/97 11:58:21 PM
> Please respond to uri@xxxxxxxxxxxxxx @ internet
> To: jon@xxxxxxx @ internet
> cc: ietf-open-pgp@xxxxxxx @ internet
> Subject: Re: Symmetric Algorithm
> 
> 
> Jon Callas says:
> > There are presently three symmetric algorithms used in PGP. They
are IDEA,
> > Triple-DES, and CAST5..........
> >
> > (1) Which algorithm is the MUST algorithm?
> 
> I say - Triple-DES as the most proved, the most reliable and the
> most "free".
> 
> > (2) Should there be more than one MUST algorithm, and if so, which
ones?
> > Please note that arguing for IDEA being a MUST algorithm could
lead to the
> > standard getting bogged down.
> 
> Due to its patented nature and some other things I strongly urge to
> make IDEA "SHOULD" at most. [Yes, I'm aware of what's the main
> algorithm in PGP-2.x.]
> 
> > (3) Should any remaining algorithms from the original suite be
SHOULD or
> > MAY?
> 
> People apparently like CAST - and it looks promising. I'd make it
SHOULD.
> 
> > (4) What other algorithm(s) do you want to see as MAY algorithms?
> 
> I'd make SEAL and DES/SK "MAY". I realize that there are many nice
> algorithms - but how many can (and should :-) we put in?
> SEAL is the fastest (but patented), and DES/SK gives
> you the benefits of 3DES without the expense of 48 rounds.
> 
> > My votes:
> > (1) Triple-DES (because it's less controversial than CAST5).
> 
> I'm with you.
> 
> > (2) No, only one MUST algorithm.
> 
> I'm with you.
> 
> > (3) I'd like to see both CAST5 and IDEA as SHOULD algorithms.
> 
> I prefer CAST (due to it's free nature).
> 
> > (4) I have no preferences, but ones mentioned to me are Blowfish
and
> > SAFER128.
> 
> Here we differ somewhat... My vote is for DES/SK (and for obvious
reason :-).
> --
> Regards,
> Uri  uri@xxxxxxxxxxxxxx
> -=-=-=-=-=-=-
> <Disclaimer>
> 
> 

-----BEGIN PGP SIGNATURE-----
Version: PGP for Business Security 5.5

iQA/AwUBNFdOuO0ty8FDP9tPEQLh5wCgmQ1eSFlkMCrtXhdXBnJQB1G8gPwAnAvs
AXIuR/1F4uGr56cFb8T5zVV3
=1SP8
-----END PGP SIGNATURE-----

Prev by Date: Re: Documentation of Alternatives (was Re: What this WG is doing)
Next by Date: Software implementig Hierarchical trust
Previous by thread: Re: Symmetric Algorithm
Next by thread: re: Symmetric Algorithm
Index(es):
- Date
- Thread