Announcing E v0.7.2 (javadoc & zips still missing)

[Jim McCoy]

Bill Frantz wrote:

>At 06:04 PM 11/20/98 -0700, Marc Stiegler wrote:
>>btw, I oppose the release of a version of E that runs across the net but
is
>>not strongly secure.
>
>I agree with MarcS on this point.  The question is, what does "strongly
>secure" mean.

I also concur with Marc that caving in on this issue is a "bad thing",
particularly given that security is one of the few value-add claims which E
is making.  I think that "strongly secure" means supporting, via strong
cryptography, both privacy and authentication.  The latter is not a problem
for export, but the former is taboo.  It has been a while since I did much
deep digging into where E uses crypto and I am wondering if Bill might be
able to explain better where the options exist for plug-in crypto?
Specifically I am thinking that perhaps one option would be to pull all
crypto into a single point and distribute a system domestically which has
everything enabled and one to non-US residents which only has authentication
(offering weak crypto here would be an option, but a bad one since it would
be better IMHO not to even pretend that 40-bit is secure and remove any
incentive for people to migrate to this lowest common denominator.)  Non-US
users would be able to replace this crypto plug-in with Cryptix or any other
implementation which fits...

jim