From: Ian Clysdale <iancly@entrust.com>
Date: Tue, 4 Nov 1997 23:19:25 +0800
To: "'Nobuki Nakatuji'" <JonWienk@ix.netcom.com>
Subject: RE: S/MIME
Message-ID: <c=CA%a=_%p=NorTel_Secure_Ne%l=APOLLO-971104145454Z-34522@mail.entrust.com>
MIME-Version: 1.0
Content-Type: text/plain



I'm sorry, but I have to disagree on that one.  S/MIME DOES use 40 bit 
RC2, by the standard, but the standard specifically states the 
weakness of those keys, and recommends using another implementation. 
 The standard strongly recommends the use of triple-DES, and 
apparently the Communicator and Outlook S/MIME triple-DES now 
interoperates properly.  Deming has also had a plugin which does 
triple-DES for quite a while.  In addition, individual vendors are 
allowed to put in any other algorithms into an S/MIME implementation 
that they desire - for example, the default algorithm in Entrust's 
S/MIME implementation is CAST-128.

The point that I'm trying to make here is that while PGP defines both 
algorithm and protocol, S/MIME just defines protocol.  As long as you 
have two clients which share common algorithms, then you can use any 
algorithms that you like with S/MIME.

								ian

----------
From:  Jonathan Wienke [SMTP:JonWienk@ix.netcom.com]
Sent:  Monday, November 03, 1997 9:34 PM
To:  Nobuki Nakatuji; cypherpunks@toad.com
Subject:  Re: S/MIME

At 08:49 PM 11/2/97 PST, Nobuki Nakatuji wrote:
>Is S/MIME secure than PGP ?

No. S/MIME uses 40 bit keys, which are trivially breakable by 
paralell
brute-force key search attacks.

Jonathan Wienke