From: Phil Karlton <karlton@netscape.com>
Date: Sun, 21 Apr 1996 09:15:53 +0800
To: cypherpunks@toad.com
Subject: Re: Add-in encryption module to Netscape
In-Reply-To: <199604192338.HAA06653@gandalf.asiapac.net>
Message-ID: <31796791.3F54@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


runner@asiapac.net wrote:

> I'm not in the US of A and the Netscape commerce server that my employer
> recently purchased has only 48bit key (as told by the salesman).

For exportable clients and servers, the symmectric keys for doing bulk
encryption are 40 bits.

> My question is
> whether it is possible to add-in my own security module (RSA)

The symmetric (RSA) keys are at least 512 bits.

> and secondly, how
> difficult is it? The salesman cannot answer me.

Netscape cannot get permission to distribute software with "pluggable"
crypto. This and the above restrictions are the result of U.S.
regulations.

PK
--
Philip L. Karlton		karlton@netscape.com
Principal Curmudgeon		http://home.netscape.com/people/karlton
Netscape Communications

     They that can give up essential liberty to obtain a little
     temporary safety deserve neither liberty nor safety.
		- Benjamin Franklin