[543] in WWW Security List Archive

Re: 40 Bit Cryptography

daemon@ATHENA.MIT.EDU (Phillip M. Hallam-Baker)
Mon Mar 27 15:37:52 1995

To: www-security@ns2.rutgers.edu
cc: hallam@dxal18.cern.ch
In-reply-to: Your message of "Mon, 27 Mar 1995 07:56:09 EST."
             <199503271444.JAA22492@ns2.rutgers.edu> 
Date: 	Mon, 27 Mar 1995 18:24:52 +1000
From: "Phillip M. Hallam-Baker" <hallam@dxal18.cern.ch>
Errors-To: owner-www-security@ns2.rutgers.edu


>   A lower cost of breaking in (40 bit DES) means only that only
>   relatively low value information may be protected.  My company's
>   secrets will not fall into this low value category.  My credit
>   card number (already known to thousands of waiters and clerks
>   throughout the world) might.  My dinner arrangements with my
>   wife will definitely fall into this low value category.

Well I know some people whose dinner arrangements definitely fall into
the high security category...

The point about money transactions though is that we cannot expect to build
them unless we first have a secure base to work from. Once we have an 
established certificate reference (i.e. PEM hierarchy or PGP web of trust)
we have the tools to do e-commerce at a variety of levels. Without this
reference framework neither SSL nor a payments scheme is feasible. 

That is why EIT and I have been working at the particular level that we
have. It's the best place to get a lever into the certs problem.


	Phill
