[548] in WWW Security List Archive
Re: 40 bit encryption: Missing the point
daemon@ATHENA.MIT.EDU (Karl Auerbach)
Mon Mar 27 20:38:13 1995
Date: Mon, 27 Mar 1995 14:19:03 -0800 (PST)
From: Karl Auerbach <karl@cavebear.com>
To: Chuck Yerkes <yerkes_chuck@jpmorgan.com>
Cc: www-security@ns2.rutgers.edu
In-Reply-To: <9503271637.ZM17836@fugit.ny.jpmorgan.com>
Errors-To: owner-www-security@ns2.rutgers.edu
> If it means that Netscape (or cern, or W3) makes their server
> available with 40bit encryption, BUT WITH HOOKS so that I, as the
> buyer, can EASILY replace it
NSA frowns on hooks -- they want any auth/crypto code so intertwined that it
is essentially impossible for anyone to put in a better algorithm. In other
words, once they bless something, they don't want it changed or extended.
(This will make interesting times for extensible tools, such as Sun's new
Hot Java. -- they're just one big hook.)
--karl--