(I'm doing some research on different security standards, as I'm about to write an email/news program. Have been reading this list for quite a while, and it's time to delurk.) This is a quote from the S/MIME FAQ, as found on RSA's WWW server: "S/MIME recommends three symmetric encryption algorithms: DES, Triple-DES, and RC2. The adjustable keysize of the RC2 algorithm makes it especially useful for applications intended for export outside the U.S. RSA is the required public-key algorithm." If I got things right, DES is "exportable" as long as the keysize is kept under a certain size, which is too small to be really secure? If that's the case, I guess RC2 is the last resort? Is it good enough, or do I have to leave out S/MIME support, and just communicate with people outside the U.S or something? IMHO, these export restrictions on cryptography are completely insane. Is there *any* way to bypass them (except for breaking the law)? -- volley@lls.se