1995-08-30 - Re: Non-US SSL128 site

Header Data

From: “W. Kinney” <kinney@bogart.Colorado.EDU>
To: cypherpunks@toad.com
Message Hash: f177ac1014b0eac068c28231ae7243cb17908debd1e7cbbf95d067fc8d8b4a25
Message ID: <199508301559.JAA05610@bogart.Colorado.EDU>
Reply To: <199508301510.JAA11086@bert.cs.byu.edu>
UTC Datetime: 1995-08-30 16:00:09 UTC
Raw Date: Wed, 30 Aug 95 09:00:09 PDT

Raw message

From: "W. Kinney" <kinney@bogart.Colorado.EDU>
Date: Wed, 30 Aug 95 09:00:09 PDT
To: cypherpunks@toad.com
Subject: Re: Non-US SSL128 site
In-Reply-To: <199508301510.JAA11086@bert.cs.byu.edu>
Message-ID: <199508301559.JAA05610@bogart.Colorado.EDU>
MIME-Version: 1.0
Content-Type: text/plain


 
> a) Use 128 bit SSL if the client allows it.
> b) Tell users which cipher is being used on a secure session.

Interesting. When I connect, both from my Unix box at work and my Mac at
home, I'm told the connection is "40 bits RC4". I'm running Netscape 1.1.
I guess this makes sense, since if freely distributed clients were 128-bit
capable, then foreign users would still get 128-bit security when connecting
to U.S. servers.

Netscape's press release on the RC4-40 crack seems to have disappeared from
their home page, but I don't remember any specific mention of 128-bit
U.S.-only clients, just servers.

So what's up?

                                -- Will




Thread