Tom Weinstein <tomw@netscape.com> writes:
Arnold G. Reinhold wrote:
One question I'd like asked is whether the US Gov will approve 56-bit RC-4 for export on the same terms as 56-bit DES. That would allow export versions of web browsers to be upgraded painlessly, making international e-commerce 64 thousand times more secure than existing 40-bit browsers. (56-bit DES browsers would require every merchant to upgrade their SSL servers and introduce a lot of unneeded complexity.)
Actually, it wouldn't be any easier to deploy 56-bit RC4 than DES. Either would require roughly the same changes to both clients and servers. And from a protocol perspective, it would be worse, at least for SSL, since SSL doesn't have a 56 bit RC4 mode at all.
-Ekr -- [Eric Rescorla ekr@rtfm.com]