On Tuesday, November 04, 1997 7:23 AM, William H. Geiger III [SMTP:whgiii@invweb.net] wrote:
To create an S/MIME compliant application one MUST implement RC2/40 and one MUST pay RSA to do so!!
Just to set things a little straight, RSA posted an internet draft describing the RC2 algorithm (draft-rivest-rc2desc) on June 23 of this year. RSA has maintained trademark rights to the _name_ "RC2" but you're free to implement the algorithm and call it "RC2 compatible" and pay RSA nothing.
This is the BIG difference between S/MIME and Open-PGP. In Open-PGP there is no MUST to implement weak crypto. In Open-PGP there is no MUST to implement proprietary algorithms.
The other big difference is that you are comparing something that exists with something that doesn't. In order to level the playing field, let's compare two things that don't exist -- OpenPGP and S/MIME v3. The current intent for S/MIME v3 is that the only MUST algorithm set is DH / El Gamal / 3DES for encryption and DH / DSS for signatures. All free, all strong (in theory <g>).
I think that this should be simple enough for anyone here to understand.
I think that this should be simple enough for anyone here to understand.

--
Ron Craswell
Worldtalk Corp.