From: Rich Salz <rsalz@osf.org>
Date: Tue, 5 Dec 95 15:52:24 PST
To: pfarrell@netcom.com
Subject: Re:  NIST GAK export meeting, short version
Message-ID: <9512052349.AA28680@sulphur.osf.org>
MIME-Version: 1.0
Content-Type: text/plain


>_do control_. They hope that the pain of having multiple versions will be
>so high that no vendor will bother, and all we'll have is crippled
>software.

>I think that the real key is for everyone, worldwide to insist on
>both strong crypto and interoperability.

Anything that uses cryptography absolutely and positively *must* support
multiple cryptographic protocols.  Tag every RPC, transaction, method
invocation, what-have-you with some indicator that indicates not only
"encrypted" but "encrypted via method 2".  Allow customers to specify
policy, at least via an environment variable such as
	NETSCAPE_SSL_PROTECTION=1,2,4
where the online documentation says
	1 = 512bit RSA
	2 = 256bit RSA
	4 = Rot 13

Design open, extensible architectures with public registries and protocol
descriptions.
	/r$