From: Ian Clysdale <iancly@entrust.com>
Date: Wed, 5 Nov 1997 00:02:04 +0800
To: "'William H. Geiger III'" <whgiii@invweb.net>
Subject: RE: S/MIME
Message-ID: <c=CA%a=_%p=NorTel_Secure_Ne%l=APOLLO-971104154014Z-34701@mail.entrust.com>
MIME-Version: 1.0
Content-Type: text/plain



This is not true.

If you read the S/MIME specs it says one MUST implement the RC2/40
algorithm. A MUST in an RFC has a very definate purpose: If an 
aplication
does not implement all MUST sections of the RFC then it is not 
compliant!
To create an S/MIME compliant application one MUST implement RC2/40 
and
one MUST pay RSA to do so!!

   Umm....  If you read what I wrote, you will see that I said "S/MIME 
DOES implement 40 bit RC2, but it ALSO implements XXXXXXXX. 
 Personally, I'd rather see even weak crypto getting world-wide 
deployment than seeing no crypto getting out because of stupid 
draconian export laws.  However much you may dislike their "weak 
crypto", Netscape and Microsoft are getting more seats of 
crypto-compliant software out there than PGP ever has.  And once the 
infrastructure is out there where everyone can use weak crypto, people 
will (hopefully) realize that it is insecure, and shift to stronger 
algorithms that ARE supported currently in domestic US/Canada 
versions, and which I'm sure someone outside of the States will have 
coming out in the near future, if they're not already there.

Netscape, Microsoft, and RSA are letting thier greed get in the way 
of
developing a message encryption protocol that provides strong crypto 
to
ALL users.

   Either that, or Netscape, Microsoft, and RSA are being practical 
and doing something that will legally put SOME cryptography in the 
hands of everyone today.  It's all in how you look at it.

							ian