From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 30 Sep 95 01:28:33 PDT
To: Christopher Allen <ChristopherA@consensus.com>
Subject: Re: X.509, S/MIME, and evolution of PGP
Message-ID: <199509300828.BAA00347@ix.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:29 PM 9/29/95 -0700, Christopher Allen <ChristopherA@consensus.com> wrote:
>At 3:22 PM 9/27/95, Bill Stewart wrote:
>>5) S/MIME - real S/MIME compliance requires support for RC2 as well as
>>publicly available algorithms, though this is really just an X.509 handler.
>I've been working on getting RC2/RC4 in object-only exportable size key
>form from RSA for RSAREF customers, and Jim Bidzos has agreed in principle.
>We have to work out details, however.

Sounds good, but having publicly implementable standards would be nicer;
licensable patented code is enough of a hassle, without having standards
that have *trade secrets* built into them.  RC2 as an option is fine;
RC2 as a mandatory part of a conforming implementation is pretty tacky.

>>6) It's a lot of work - well, yeah, it is.  And I'm lazy.  Is there enough
>>related code in SSLeay to steal to help implement it?

Actually, it turns out that the latest RIPEM has certificate chains, Web of
Trust,
and really just about everything I want, except perhaps user-friendly GUIs,
which could be added easily enough.  I haven't yet sorted out which
parts are in the export-approved RIPEM-SIG and which parts are only in RIPEM2.1,
but it's a pretty straightforward job.  (Now to go scrounge some disk space!)
The RIPEM code is all public-domain, and uses RSAREF for its crypto,
so exporting the non-RSAREF parts is copyright/patent clean, and maybe
it can be possible to put together a CJ-able version of the new stuff
so it can gain legitimacy after having been exported for months :-)
#---
#                                       Thanks;  Bill
# Bill Stewart, Freelance Information Architect, stewarts@ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---