[548] in WWW Security List Archive


Re: 40 bit encryption: Missing the point

daemon@ATHENA.MIT.EDU (Karl Auerbach)
Mon Mar 27 20:38:13 1995

Date: Mon, 27 Mar 1995 14:19:03 -0800 (PST)
From: Karl Auerbach <karl@cavebear.com>
To: Chuck Yerkes <yerkes_chuck@jpmorgan.com>
Cc: www-security@ns2.rutgers.edu
In-Reply-To: <9503271637.ZM17836@fugit.ny.jpmorgan.com>
Errors-To: owner-www-security@ns2.rutgers.edu


>   If it means that Netscape (or cern, or W3) makes their server
> available with 40bit encryption, BUT WITH HOOKS so that I, as the
> buyer, can EASILY replace it

NSA frowns on hooks -- they want any auth/crypto code so intertwined that it
is essentially impossible for anyone to put in a better algorithm. In other
words, once they bless something, they don't want it changed or extended. 

(This will make interesting times for extensible tools, such as Sun's new
Hot Java -- they're just one big hook.)

		--karl--

