On Mon, 30 Oct 1995, Rich Salz wrote:

The licensed version of RC4, or the software that was posted anonymously?

Cop-out: That algorithm described in Applied Cryptography 2nd Edition under the label RC4.

Where would you swap RC4 for DES?

The swap would take place in the list of schemes that must be supported by conforming applications.

I assume your added stipulation is a "should" not a "must" item.

Correct [strong should, but still should]

How are you going to handle key management and naming?

The protocol's part of key management for OOB shared keys is taken care of by naming; session key exchange with PK is not yet fully defined, but will look a lot like either SKIP or Photuris. Naming: Names are strings, of the format <domain>:<name>, where domain is the name-space from which the names are taken. The following domains are pre-defined: DN: X.500 Distinguished name. The name portion contains the RFC1485 ascii encoding of the DN. URN: Uniform Resource Name. The name consists of a URN (whatever that turns out to be). PGP: PGP format name. A PGP user name. Simon ---- (defun modexpt (x y n) "computes (x^y) mod n" (cond ((= y 0) 1) ((= y 1) (mod x n)) ((evenp y) (mod (expt (modexpt x (/ y 2) n) 2) n)) (t (mod (* x (modexpt x (1- y) n)) n))))