RE: Clarifying controversial criteria
Blake Ramsdell (BlakeR@deming.com)
Wed, 13 Mar 1996 14:46:09 -0800
On Wednesday, March 13, 1996 12:48 PM, Raph
Levien[SMTP:raph@cs.berkeley.edu] wrote:
>>
>> I'm pretty sure that the S/MIME implementations of 40-bit RC2 are, in
>>fact, restricted to 40 bits for export reasons. Thus, I stand by the
>>blank for S/MIME Secure Interoperability.

A product that is sold in another country by an American company that
implements the RC2 algorithm is, in fact, limited to using a 40-bit key
(combined with a 512-bit RSA key). This is not a point of debate, and if
this is the reason why S/MIME fails the Secure Interoperable criteria on
your chart, I think the criteria should be removed, since it is impossible
for me (an American company) to implement *any* secure standard and have it
be exportable.

A domestically sold version of an S/MIME implementation by this same
company, however, can use key sizes up to the limit of the RC2
implementation, which is only available legally from RSA Data Security, Inc.
(start a separate thread if you want to flame me on this one), and all of
their implementations support much longer key lengths -- in excess of the
Symmetric Cryptography Recommended Daily Allowance of 90 bits. Not to
mention the recommended use of triple-DES in S/MIME also.

>> As a general note, this misperception highlights a problem with user
>>understanding of "modular" specifications. It is true that S/MIME is
>>algorithm independent, and that RC2 is one of the algorithms it
>>supports. It is also true that RC2 is keylength independent (up to
>>1024 bits, according to my copy of the Alleged-RC2 code). So can you get
>>1024-bit RC2 in S/MIME? No.

Why is the answer to this no? Because a German using the US exported
version of a product I write can't use more than 40 bits with RC2? This is
a limitation enjoyed by all importers of cryptographic products from the US,
and once again I think it is an unfair criterion.

Blake