Bill Frantz wrote:
>At 06:04 PM 11/20/98 -0700, Marc Stiegler wrote:
>>btw, I oppose the release of a version of E that runs across the net but is
>>not strongly secure.
>
>I agree with MarcS on this point. The question is, what does "strongly
>secure" mean.

I also concur with Marc that caving in on this issue is a "bad thing", particularly given that security is one of the few value-add claims which E is making. I think that "strongly secure" means supporting, via strong cryptography, both privacy and authentication. The latter is not a problem for export, but the former is taboo.

It has been a while since I did much deep digging into where E uses crypto and I am wondering if Bill might be able to explain better where the options exist for plug-in crypto? Specifically I am thinking that perhaps one option would be to pull all crypto into a single point and distribute a system domestically which has everything enabled and one to non-US residents which only has authentication (offering weak crypto here would be an option, but a bad one since it would be better IMHO not to even pretend that 40-bit is secure and remove any incentive for people to migrate to this lowest common denominator.) Non-US users would be able to replace this crypto plug-in with Cryptix or any other implementation which fits...

jim