From: volley@lls.se (Pelle Claesson)
To: cypherpunks@toad.com
Message Hash: 0af935bb407d74e38aba31e33c9e02c9abf35f21761a44d642bdd8a993325f69
Message ID: <minimail_3130166c_9f453@lls.se>
Reply To: N/A
UTC Datetime: 1996-02-25 01:28:58 UTC
Raw Date: Sun, 25 Feb 1996 09:28:58 +0800
From: volley@lls.se (Pelle Claesson)
Date: Sun, 25 Feb 1996 09:28:58 +0800
To: cypherpunks@toad.com
Subject: S/MIME outside the US?
Message-ID: <minimail_3130166c_9f453@lls.se>
MIME-Version: 1.0
Content-Type: text/plain
(I'm doing some research on different security standards, as I'm
about to write an email/news program. Have been reading this list
for quite a while, and it's time to delurk.)
This is a quote from the S/MIME FAQ, as found on RSA's WWW server:
"S/MIME recommends three symmetric encryption algorithms: DES,
Triple-DES, and RC2. The adjustable keysize of the RC2 algorithm
makes it especially useful for applications intended for export
outside the U.S. RSA is the required public-key algorithm."
If I got things right, DES is "exportable" as long as the keysize
is kept under a certain size, which is too small to be really secure?
If that's the case, I guess RC2 is the last resort? Is it good enough,
or do I have to leave out S/MIME support, and just communicate with
people outside the U.S or something?
IMHO, these export restrictions on cryptography are completely insane.
Is there *any* way to bypass them (except for breaking the law)?
--
volley@lls.se
Return to February 1996
Return to “volley@lls.se (Pelle Claesson)”