RE: Clarifying controversial criteria

Blake Ramsdell (BlakeR@deming.com)
Tue, 12 Mar 1996 15:10:33 -0800

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Previous message: Brad Knowles: "Re: Draft of workshop notes"

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.  Contact your
mail administrator for information about upgrading your reader to a version
that supports MIME.

------ =_NextPart_000_01BB1026.104A5850
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

On Tuesday, March 12, 1996 1:04 PM, Raph Levien[SMTP:raph@c2.org] wrote:
>
> <snip>
>>
>>Secure Interoperability
>>
>>There exists some algorithm set which is both contained in all
>>implementations of the protocol and is considered secure by modern
>>cryptographic practice, as exemplified in part by the BSA recommendations
>>on minimum keylength. 
>
> <snip>
>>
>>   Given these definitions, this matrix follows naturally:
>>
>>                     PGP  MOSS  PGP/MIME  S/MIME  MSP
>>      Interoperable   +   ?(1)     +        +
>>      Secure Int      +            +
>>      Exportable                            +      +
>>
> <snip>
>>
>>S/MIME gets +, blank, + because 40 bit RC2 is required by the spec to be 
>>present in all S/MIME implementations, but it is not secure. RSA + 
>>Triple-DES is secure, but absent in some implementations.

It is only recommended to use RC2 40 bit for encrypting messages unless you
know that the recipient can take more.  Any implementation of RC2 will be
able to support keylengths up to the algorithm maximum (255 bits, I think),
so it seems that S/MIME should get a + for Secure Int.

Blake

------ =_NextPart_000_01BB1026.104A5850--

Previous message: Brad Knowles: "Re: Draft of workshop notes"