[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Keyed-MD5, ITAR, and HTTP-NG

On Mon, 30 Oct 1995, Rich Salz wrote:

> The licensed version of RC4, or the software that was posted anonymously?

Cop-out: That algorithm described in Applied Cryptography 2nd Edition 
under the label RC4.

> Where would you swap RC4 for DES?

The swap would take place in the list of schemes that must be supported 
by conforming applications. 

> I assume your added stipulation is a "should" not a "must" item.

Correct [strong should, but still should]

> How are you going to handle key management and naming?

The protocol's part of key management for OOB shared keys is taken care 
of by naming; session key exchange with PK is not yet fully defined, but 
will  look a lot like either SKIP or Photuris. 

   Names are strings, of the format <domain>:<name>, where domain is the
name-space from which the names are taken. The following domains are

DN:	X.500 Distinguished name. The name portion contains the RFC1485 
	ascii encoding of the DN.

URN:	Uniform Resource Name. The name consists of a URN (whatever that 
	turns out to be).

PGP:	PGP format name. A PGP user name.

(defun modexpt (x y n)  "computes (x^y) mod n"
  (cond ((= y 0) 1) 	((= y 1) (mod x n))
	((evenp y) (mod (expt (modexpt x (/ y 2) n) 2) n))
	(t (mod (* x (modexpt x (1- y) n)) n))))