From: "Ron Craswell" <ronc@deming.com>
Date: Wed, 5 Nov 1997 09:19:40 +0800
To: "'William H. Geiger III'" <iancly@entrust.com>
Subject: RE: S/MIME
Message-ID: <c=US%a=_%p=Deming_Software.%l=CANE-971105003101Z-2767@cane.deming.com>
MIME-Version: 1.0
Content-Type: text/plain




On Tuesday, November 04, 1997 7:23 AM, 
William H. Geiger III [SMTP:whgiii@invweb.net] wrote:
> 
> To create an S/MIME compliant application one MUST implement RC2/40 and
> one MUST pay RSA to do so!!

Just to set things a little straight, RSA posted an internet draft
describing the RC2 algorithm (draft-rivest-rc2desc) on June 23 of this
year.  RSA has maintained trademark rights to the _name_ "RC2" but
you're free to implement the algorithm and call it "RC2 compatible" and
pay RSA nothing.

> This is the BIG difference between S/MIME and Open-PGP. In Open-PGP there
> is no MUST to implemnet weak crypto. In Open-PGP there is no MUST to
> implement propritary algoritms.

The other big difference is that you are comparing something that exists
with something that doesn't.  In order to level the playing field, let's
compare two things that don't exist -- OpenPGP and S/MIME v3.

The current intent for S/MIME v3 is that the only MUST algorithm set is
DH / El Gamal / 3DES for encryption and DH / DSS for signatures. All
free, all strong (in theory <g>).

> I think that this should be simple enough for anyone here to understand.

I think that this should be simple enough for anyone here to understand.

--
Ron Craswell
Worldtalk Corp.