[464] in cryptography@c2.net mail archive
Entrust as CA (was Re: Analysis of proposed UK ban on use of non-escrow)
daemon@ATHENA.MIT.EDU (A. Padgett Peterson P.E. Informati)
Wed Apr 2 10:39:13 1997
Date: Wed, 2 Apr 1997 9:15:34 -0500 (EST)
From: "A. Padgett Peterson P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
To: cryptography@c2.net
Kent wrote:
> You need to revise your knowledge: NorTel's "Entrust" product does key
> escrow, and has been on the market for some time. It has FIPS (US
> Federal Information Processing Standard) certification. Signing and
> encrypting keys are separated: only encryption keys are escrowed. The
> intended market is the large enterprise.
If you want to see what the *old* Entrust with this looked like, may I
suggest Module 14 "Advanced Security" of Microsoft's "Exchange Server
Support" on the Microsoft Technet CD. Now I know why everyone has *two*
separate key pairs generated and distributed in *two* separate ways.
Problem is that with the early Entrust, keys are limited to 512 bits. Is
there anyone here willing to bet a corporation's future on 512 bit RSA
keys? (personally would feel SAFER with 1024 bit El Gamal over 56 bit
DES than 512 bit RSA over 128 bit IDEA.)
Warmly,
Padgett
http://www.netmind.com/~padgett