Re: Draft of workshop notes

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Raph Levien: "Re: Draft of workshop notes"
• Previous message: Blake Ramsdell: "RE: using application/octet-stream in multipart/encrypted"

Here is Raph's matrix and foot notes:

                    PGP  MOSS  PGP/MIME  S/MIME  MSP
     Interoperable   +   ?(1)     +        +      
     Int=>Secure     +            +               -(2)
     Exportable                            +      +
     
     (1) This is the question raised in
     http://www.imc.org/workshop/mail-archive/0112.html, which still 
     hasn't been answered.
     
     (2) I believe the assignment of a "-" here is generous, given that 
     the Fortezza cyphe has 80-bit keys (as opposed to the minimum 90 
     recommended in the BSA report), is key escrowed, and is not publicly 
     available. Russ Housley of Spyrus seems to disagree with these 
     assignments, but has not yet given me a convincing argument why they 
     need to be changed.

Raph, you are correct.  I disagree.  Please do not confuse MSP and 
FORTEZZA.  FORTEZZA provides one cryptographic suite for use with MSP or 
other security solutions.  For example, TIS and SPYRUS have written an 
Internet-Draft that describes how FORTEZZA can be used with PEM and MOSS.  
Further, MSP can be used with other cryptographic algorithm suites.  Two 
companies are developing MSP implementations which use RSA signature, RSA 
key transport, and DES.  It could easily use Triple DES, but the customer 
in this case does not need anything stronger than DES.

I still think that algorithm independence is a paramount criteria.  New 
algorithms will be developed, and old algorithms will be made useless by 
technology improvements, either the key size will be too small or attacks 
will be discovered.  Plan for algorithm replacement now!

Russ

• Next message: Raph Levien: "Re: Draft of workshop notes"
• Previous message: Blake Ramsdell: "RE: using application/octet-stream in multipart/encrypted"