From: Charlie_Kaufman/Iris.IRIS@iris.com
Date: Thu, 1 Feb 1996 00:27:42 +0800
To: CypherPunks@toad.com
Subject: Re: Lotus Notes
Message-ID: <9601311850.AA1379@moe.iris.com>
MIME-Version: 1.0
Content-Type: text/plain


Lucky Green wrote:
> 
> At 11:09 1/30/96, Charlie_Kaufman/Iris.IRIS@iris.com wrote:
> 
> >p.s. re: the fact that it's 64 bits rather than 128. That was the limit on 
key
> >size of the crypto software we licensed from a third party. That crypto
> >software also limited us to 760 bit RSA keys.
> 
> I find this very interesting. RSA prohibits its licencees from using RSA
> software with truly secure keylenghts. What may have incenitvised them to
> take this bizzare position?

The problem is not with the license, but with the software. And not with the 
latest software, but with some antique software we started using a long time 
ago (before RSAREF was a twinkle in anyone's eye) when 760 bit RSA keys and 64 
bit RC2/RC4 keys seemed impenetrable. Given that interoperability with the 
installed base is a higher priority than resistance to some theoretical attack, 
we can't increase key sizes until the market rolls over to the latest software. 
We do have plans to get there.

  --Charlie Kaufman
  (charlie_kaufman@iris.com)
  PGP fingerprint: 29 6F 4B E2 56 FF 36 2F   AB 49 DF DF B9 4C BE E1