[541] in WWW Security List Archive
Re: Netscape and 40 bit encryption
daemon@ATHENA.MIT.EDU (amir@watson.ibm.com)
Mon Mar 27 14:13:21 1995
To: "Phillip M. Hallam-Baker" <hallam@dxal18.cern.ch>
Cc: "Chuck Yerkes" <yerkes_chuck@jpmorgan.com>, www-security@ns2.rutgers.edu
In-Reply-To: Your message of "Fri, 24 Mar 1995 20:18:22 +0900."
<95Mar24.201831+0900_met.63663-3+2@dxal18.cern.ch>
Date: Mon, 27 Mar 1995 09:17:16 -0500
From: " " <amir@watson.ibm.com>
Errors-To: owner-www-security@ns2.rutgers.edu
Phil says:
> No, I don't think anyone would question the 40bits is not enough. Thats why the
> US government will let people use it...
While the US govt (and others) will bar strong (>40b) general purpose
ENCRYPTION, this does not hold for authentication (as Chuck asked), or in fact
even for encryption which is limited to, say, credit card numbers.
Therefore: I agree with Phil that technically SSL does use 40b. But I disagree
that this is unavoidable due to export restrictions; strong auth and encryption
of credit card and similar info is possible.
Best, Amir Herzberg