From: Hal <hfinney@shell.portal.com>
Date: Thu, 17 Aug 95 12:39:52 PDT
To: cypherpunks@toad.com
Subject: Strong encryption for credit cards only
Message-ID: <199508171938.MAA19803@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


In response to the SSL break, Netscape has said they are working on
improved encryption specifically for credit card numbers.  This would use
56 bit keys, presumably DES.  I got this from the SJ Mercury News online,
<URL:http://www.sjmercury.com/nav.htm>.

While we can applaud any measure to increase user privacy and security,
it will be unfortunate if this enhanced encryption, which will
apparently be limited strictly to credit card information in order to
get export approval, weakens support for efforts to allow expanded
export approval of all sorts of encryption.

There are many aspects to privacy beyond credit card numbers.  The bottom
line remains that overseas companies are able to put stronger encryption
in their products than American companies can in their export versions.
We need to keep offering good arguments for why users will need strong
encryption for more than their credit card info.  If the message gets out
that this new measure solves the security problems on the internet then
that will be a big loss for our goals.

Hal