Hal wrote:
I suppose it goes without saying that the kinds of privacy-protecting credentials we have been discussing are not what is being discussed here.
No, but hopefully the standard can be extended (officially or unofficially) to include them, even if only a relatively small fraction of organisations will use the privacy-protection extensions initially. Hopefully once some organisations are doing so they'll have a real competitive advantage over those who want to collect marketing data.
This is outrageous! Where on earth did they get the idea that non-U.S. residents have access only to 40 bit keys and RC2/RC4?
Don't worry - as soon as it hits the streets in Europe I'm sure a number of us will be ripping out the RC4 code and implementing real encryption systems instead.... (assuming it comes as source code, otherwise we'll have to upgrade the normal Mosaic source instead once the standard is settled). Overall, I think it's a good thing, and hey, at least it isn't using Clipper !