From: Eric Young <eay@mincom.oz.au>
Date: Mon, 18 Sep 95 02:11:20 PDT
To: cypherpunks@toad.com
Subject: Re: Netscape Navigator 2.0 will implement secure e-mail
In-Reply-To: <43jau5$qbj@tera.mcom.com>
Message-ID: <Pine.SOL.3.91.950918185301.29263B-100000@orb>
MIME-Version: 1.0
Content-Type: text/plain


On 18 Sep 1995, Jeff Weinstein wrote:
> The implementation guide recommends using rc2-cbc 40-bit for content
> encryption when there is no way to determine the capabilities of the
> recipient.  When you do know what the recipient can do, it recommends
> using RC2-CBC with a longer key or DES-CBC.

Hmm....  notice the use of a non public cipher as the base cipher.... 
what a shame.... 

A note for non-USA people, the next version of SSLeay will include the 
full fuctionality of RSAref/RSAeuro and I should soon have the PKCS-7 
stuff finished in the next release after that.  I've almost finished the 
documentation of the encryption/RSA type routines. The encryption/open/seal 
routines supporting any cipher that conforms with a specified Cipher API.

It will be shipping with examples of des-ecb, des-cfb, des-cbc, des-ede2, 
des-ede3, idea-ecb, idea-cfb, idea-cbc and rc4-128.  If people could send 
me the official Object identifiers for these ciphers, I'll be able to 
support them in PKCS-7, otherwise they will only be supported in PEM mode.
eg,
rc4 is '1 2 840 113549 3 4'
but I don't even know what des in cbc mode is.  I lack documentation.
If any-one can email SMIME/PKCS-7 stuff that is encrypted/sealed, I'll be 
able to extract the object identifiers.


> For key encryption support for RSA with key sizes of 512 to 1024 is
> required, and support for 2048 bit keys is recommended.  A minimum
> key size of 768 bits is recommended for US users.

Again, SSLeay has no restrictions, 4096 bits anyone :-)

eric (who is just lacking documentation :-(
--
Eric Young                  | Signature removed since it was generating
AARNet: eay@mincom.oz.au    | more followups than the message contents :-)