Announcing E v0.7.2 (javadoc & zips still missing)
Sat, 21 Nov 1998 18:37:18 -0800
Bill Frantz wrote:
>At 06:04 PM 11/20/98 -0700, Marc Stiegler wrote:
>>btw, I oppose the release of a version of E that runs across the net but
>>not strongly secure.
>I agree with MarcS on this point. The question is, what does "strongly
I also concur with Marc that caving in on this issue is a "bad thing",
particularly given that security is one of the few value-add claims which E
is making. I think that "strongly secure" means supporting, via strong
cryptography, both privacy and authentication. The latter is not a problem
for export, but the former is taboo. It has been a while since I did much
deep digging into where E uses crypto and I am wondering if Bill might be
able to explain better where the options exist for plug-in crypto?
Specifically I am thinking that perhaps one option would be to pull all
crypto into a single point and distribute a system domestically which has
everything enabled and one to non-US residents which only has authentication
(offering weak crypto here would be an option, but a bad one since it would
be better IMHO not to even pretend that 40-bit is secure and remove any
incentive for people to migrate to this lowest common denominator.) Non-US
users would be able to replace this crypto plug-in with Cryptix or any other
implementation which fits...