Non-US SSL128 site

W. Kinney kinney at bogart.Colorado.EDU
Wed Aug 30 09:00:09 PDT 1995


 
> a) Use 128 bit SSL if the client allows it.
> b) Tell users which cipher is being used on a secure session.

Interesting. When I connect, both from my Unix box at work and my Mac at
home, I'm told the connection is "40 bits RC4". I'm running Netscape 1.1.
I guess this makes sense, since if freely distributed clients were 128-bit
capable, then foreign users would still get 128-bit security when connecting
to U.S. servers.

Netscape's press release on the RC4-40 crack seems to have disappeared from
their home page, but I don't remember any specific mention of 128-bit
U.S.-only clients, just servers.

So what's up?

                                -- Will





More information about the cypherpunks-legacy mailing list