Netscape
Raph Levien
s_levien at research.att.com
Tue Jul 23 09:35:22 PDT 1996
Jeff Weinstein wrote:
>
> Lucky Green wrote:
> >
> > At 13:38 7/22/96, Tom Weinstein wrote:
> >
> > >Yes, and that's what we're trying to do. Get strong crypto in the hands
> > >of as many people as we can. I can hardly wait until we get S/MIME in.
> >
> > What will Netscape do to about the 40bit RC-2 default and the signatures on
> > the outside of the encryption envelope design flaws in S/MIME? I can't
> > imagine Netscape releasing software that has these two properties.
>
> If you know that the recipient can read a message encrypted with
> 3DES, IDEA, or RC2-128, then you can send the message using one of
> these strong algorithms. Given that you need someones public key
> to send them a message, there are several obvious ways to transmit
> information about what algorithms they accept along with it.
Yes, we all know that. But which one will Netscape actually _do_?
If there's one thing we've learned from PGP, it's that configuration
and per-user key management are killers. The reason why I'm so excited
about Netscape is that you guys have the _possibility_ to really get
strong crypto to the masses. Whether you really do that or not is in
your hands.
I've made a proposal for solving the 40-bit protocol failure in
S/MIME. There are other proposals out there too, with various strengths
and weaknesses. The main advantage of mine is that it requires no
additional infrastructure - i.e. VeriSign does not have to start
including algorithm preferences in the DigitalID's they distribute.
Will Netscape come through?
Raph
More information about the cypherpunks-legacy
mailing list