Lucky Green wrote:
At 15:58 6/3/96, Raph Levien wrote:
Basically, an exportable S/MIME client can transmit messages up to 1024/40 bit RSA/RC2 (or RSA/DES), and receive messages up to 512/64 bit RSA/RC2 (or RSA/DES, but in the latter case I would imagine it's actually restricted to 512/56 because of the keysize of DES). Note that the asymmetry actually points in different directions for the public and symmetric keysizes.
What will be the maximum keysize for a domestic encryption client? If it is larger than 1024 bits, there will be interoperability problems with foreign clients. If the domestic client is limited to 1024 bits, it would set a bad precedent, since it would effectively require that the encryption key is smaller than the largest signature key.
There is no restriction on non-export keysize, as far as I know. Of course, if you do use a key larger than 1024 bits, then export clients can not encrypt to you. I don't consider this to be a serious limitation. I'd far rather see an error message of "cannot encrypt to client - your software is crippled" than "encrypting to recipient with super-duper 40-bit cipher". The more crippled the export version appears to be, the more pressure there is to upgrade to a non-export version.

I object to the word "domestic" to refer to non-crippled encryption programs. I use "non-export" because that seems least likely to cause confusion. Keep in mind that clients developed outside the US are also non-crippled. The word "domestic" seems to unfairly exclude them.

Raph
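The send/receive asymmetry and the "refuse rather than downgrade" preference discussed in this thread, as an added example that is not part of the original messages and is not code from any S/MIME product. The export limits are the ones quoted above; the `Profile` model, the candidate key sizes and the 56-bit floor are assumptions made for illustration.

```python
from dataclasses import dataclass

UNLIMITED = float("inf")

@dataclass(frozen=True)
class Profile:
    name: str
    send_rsa: float  # largest recipient RSA modulus (bits) it may encrypt to
    send_sym: float  # largest symmetric key (bits) it may encrypt with
    recv_rsa: float  # largest own RSA modulus (bits) it may decrypt with
    recv_sym: float  # largest symmetric key (bits) it may decrypt

# Limits as stated in the thread for an exportable S/MIME client.
EXPORT = Profile("export", 1024, 40, 512, 64)
NON_EXPORT = Profile("non-export", UNLIMITED, UNLIMITED, UNLIMITED, UNLIMITED)

# Assumed candidate symmetric key sizes (RC2 at 40/64/128 bits, DES at 56).
CANDIDATE_BITS = (40, 56, 64, 128)

class CannotEncrypt(Exception):
    """Raised instead of silently falling back to a weak cipher."""

def pick_symmetric_bits(sender, recipient, recipient_rsa_bits, floor_bits=56):
    """Return the strongest symmetric key size both ends allow, or refuse."""
    if recipient_rsa_bits > recipient.recv_rsa:
        raise CannotEncrypt(f"{recipient.name} client cannot use a "
                            f"{recipient_rsa_bits}-bit key for decryption")
    if recipient_rsa_bits > sender.send_rsa:
        raise CannotEncrypt(f"{sender.name} client cannot encrypt to a "
                            f"{recipient_rsa_bits}-bit key")
    usable = [b for b in CANDIDATE_BITS
              if b <= sender.send_sym and b <= recipient.recv_sym]
    best = max(usable, default=0)
    if best < floor_bits:  # fail closed: report an error, never send at 40 bits
        raise CannotEncrypt(f"best common cipher is {best}-bit, "
                            f"below the {floor_bits}-bit floor")
    return best

def outcome(sender, recipient, rsa_bits, floor_bits=56):
    """Same decision as a printable result, for comparing the cases side by side."""
    try:
        return f"{pick_symmetric_bits(sender, recipient, rsa_bits, floor_bits)}-bit"
    except CannotEncrypt as exc:
        return f"refused: {exc}"

if __name__ == "__main__":
    for s, r, bits in [(EXPORT, NON_EXPORT, 2048), (EXPORT, NON_EXPORT, 1024),
                       (NON_EXPORT, EXPORT, 512), (NON_EXPORT, NON_EXPORT, 2048)]:
        print(f"{s.name} -> {r.name} ({bits}-bit RSA): {outcome(s, r, bits)}")
```

Setting `floor_bits=0` reproduces the silent 40-bit fallback that the reply argues against.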