Jeff Weinstein wrote:
Lucky Green wrote:
At 13:38 7/22/96, Tom Weinstein wrote:
Yes, and that's what we're trying to do. Get strong crypto in the hands of as many people as we can. I can hardly wait until we get S/MIME in.
What will Netscape do to about the 40bit RC-2 default and the signatures on the outside of the encryption envelope design flaws in S/MIME? I can't imagine Netscape releasing software that has these two properties.
If you know that the recipient can read a message encrypted with 3DES, IDEA, or RC2-128, then you can send the message using one of these strong algorithms. Given that you need someones public key to send them a message, there are several obvious ways to transmit information about what algorithms they accept along with it.
Yes, we all know that. But which one will Netscape actually _do_? If there's one thing we've learned from PGP, it's that configuration and per-user key management are killers. The reason why I'm so excited about Netscape is that you guys have the _possibility_ to really get strong crypto to the masses. Whether you really do that or not is in your hands. I've made a proposal for solving the 40-bit protocol failure in S/MIME. There are other proposals out there too, with various strengths and weaknesses. The main advantage of mine is that it requires no additional infrastructure - i.e. VeriSign does not have to start including algorithm preferences in the DigitalID's they distribute. Will Netscape come through? Raph