This is not true. If you read the S/MIME specs it says one MUST implement the RC2/40 algorithm. A MUST in an RFC has a very definate purpose: If an aplication does not implement all MUST sections of the RFC then it is not compliant! To create an S/MIME compliant application one MUST implement RC2/40 and one MUST pay RSA to do so!! Umm.... If you read what I wrote, you will see that I said "S/MIME DOES implement 40 bit RC2, but it ALSO implements XXXXXXXX. Personally, I'd rather see even weak crypto getting world-wide deployment than seeing no crypto getting out because of stupid draconian export laws. However much you may dislike their "weak crypto", Netscape and Microsoft are getting more seats of crypto-compliant software out there than PGP ever has. And once the infrastructure is out there where everyone can use weak crypto, people will (hopefully) realize that it is insecure, and shift to stronger algorithms that ARE supported currently in domestic US/Canada versions, and which I'm sure someone outside of the States will have coming out in the near future, if they're not already there. Netscape, Microsoft, and RSA are letting thier greed get in the way of developing a message encryption protocol that provides strong crypto to ALL users. Either that, or Netscape, Microsoft, and RSA are being practical and doing something that will legally put SOME cryptography in the hands of everyone today. It's all in how you look at it. ian
-----BEGIN PGP SIGNED MESSAGE----- In <c=CA%a=_%p=NorTel_Secure_Ne%l=APOLLO-971104154014Z-34701@mail.entrust.com>, on 11/04/97 at 10:40 AM, Ian Clysdale <iancly@entrust.com> said:
Either that, or Netscape, Microsoft, and RSA are being practical and doing something that will legally put SOME cryptography in the hands of everyone today. It's all in how you look at it.
There is an old saying in the Security Field: "Poor Security is worse than no security at all". I doubt that you would find few if any that would agree with you that it is a good thing having the masses using weak crypto. At least the US members of the Open-PGP group are willing to sacrifice overseas sales in the effort to provide STRONG crypto to EVERYONE. It is the right thing to do. I am sorry to see that you do not uderstand this. If you choose to dance with the Devil to line your pockets that is your choice but don't expect me to recomend that anyone join in with you. - -- - --------------------------------------------------------------- William H. Geiger III http://www.amaranth.com/~whgiii Geiger Consulting Cooking With Warp 4.0 Author of E-Secure - PGP Front End for MR/2 Ice PGP & MR/2 the only way for secure e-mail. OS/2 PGP 2.6.3a at: http://www.amaranth.com/~whgiii/pgpmr2.html - --------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: 2.6.3a Charset: cp850 Comment: Registered_User_E-Secure_v1.1b1_ES000000 iQCVAwUBNF9IJ49Co1n+aLhhAQEpDgP/VhbD501jVvV4vrSTKm8c1d3OG7KoY3qa E7+cVaTic/Zs9RQwvsn3DFrM9bfOR6dia4UkFTdklnVe7iYlCR1EXwUvA0oaxfZK y7pgaoHvb7S24RelpJi+u76PxKmLDcdOwLBpsfwqI2deTh4oqjuW68lrjcDZ+Wn1 /Tfrghm+J4k= =CKQq -----END PGP SIGNATURE-----
participants (2)
-
Ian Clysdale -
William H. Geiger III