[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NIST GAK export meeting, short version

To: [email protected]
Subject: Re: NIST GAK export meeting, short version
From: Rich Salz <[email protected]>
Date: Tue, 5 Dec 1995 18:49:19 -0500
Cc: [email protected]
Sender: [email protected]

>_do control_. They hope that the pain of having multiple versions will be
>so high that no vendor will bother, and all we'll have is crippled
>software.

>I think that the real key is for everyone, worldwide to insist on
>both strong crypto and interoperability.

Anything that uses cryptography absolutely and positively *must* support
multiple cryptographic protocols.  Tag every RPC, transaction, method
invocation, what-have-you with some indicator that indicates not only
"encrypted" but "encrypted via method 2".  Allow customers to specify
policy, at least via an environment variable such as
	NETSCAPE_SSL_PROTECTION=1,2,4
where the online documentation says
	1 = 512bit RSA
	2 = 256bit RSA
	4 = Rot 13

Design open, extensible architectures with public registries and protocol
descriptions.
	/r$

Prev by Date: Netscape Bug Bounty...
Next by Date: [Political Noise?] Banking law changes proposed
Prev by thread: Re: NIST GAK export meeting, short version
Next by thread: Re: NIST GAK export meeting, short version
Index(es):
- Date
- Thread