Re: Non-US SSL128 site
a) Use 128 bit SSL if the client allows it. b) Tell users which cipher is being used on a secure session.
Netscape's press release on the RC4-40 crack seems to have disappeared from their home page, but I don't remember any specific mention of 128-bit U.S.-only clients, just servers.
So what's up?
Netscape sells a 128-bit US-only client for $39 Peter Peter Trei Senior Software Engineer Purveyor Development Team Process Software Corporation http://www.process.com trei@process.com
| Netscape sells a 128-bit US-only client for $39 Does the US only server also do des, 3des and IDEA, or just rc4-128? Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume
Adam Shostack writes:
| Netscape sells a 128-bit US-only client for $39
Does the US only server also do des, 3des and IDEA, or just rc4-128?
Yes. It does: RC4 - 128 RC4 - 40 RC2 - 128 RC2 - 40 IDEA DES, "64 bits" DES "with EDE 3, 192 bits" -- Jeff
In article <9509051506.AA09665@wombat.sware.com>, jeffb@sware.com (Jeff Barber) writes:
Adam Shostack writes:
| Netscape sells a 128-bit US-only client for $39
Does the US only server also do des, 3des and IDEA, or just rc4-128?
Yes. It does:
RC4 - 128 RC4 - 40 RC2 - 128 RC2 - 40 IDEA DES, "64 bits" DES "with EDE 3, 192 bits"
Our software does not implement idea at this time. It is in the SSL spec, as a possible cypher choice. We do implement the rest, including DES and 3DES. --Jeff -- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw@netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine.
participants (4)
-
Adam Shostack -
Jeff Barber -
jsw@neon.netscape.com -
Peter Trei