[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Public key crypto

Date: Fri, 10 Jan 1997 21:00:49 +0000
From: Jeff Williams <jwkckid1@ix.netcom.com>
Subject: Re: Public key crypto

Dave,

  As I pointed out befor there several other alternitives (See
Archives).

  One might be considering PCT1 version 2.0.  Another might be SSL v3.0.

  Either of these would provide you with both authentication and/or
encryption as dependant on your implimentation.  I have imlimented 
both, and in the case of SSL is very widely used.  Both a international
and domestic version are avalible for implimentation.

  Another option would be BSAFE, again both a international and domestic
version are avalible.  Authentication without encryption can be 
implimented.

  Another might be Stronghold, and yet again there are both a
international
and domestic version. Authentication without encryption can be 
implimented.

  All of the above I have already outlined at great length befor, if you
cared to read it (See archives).  However if you like I can provide 
a informational outline as to their use and implimentation.

davidk@ISI.EDU wrote:
> 
> Jeff,
> 
> > Jeff Williams writes :
> >
> >   I attempted to make this point some time earlier (See archives), at
> > great length.
> 
> We are all aware of the fact that you try to point out anything in great
> length even when it was said before ... ;-).
> 
> It might have been nice if you could have come up with an alternative
> this time then.
> 
> > It seems that there is a missconception as to the use
> > of certain Authentication mechinisms, PGP in particular.  Key lengths
> > will not allow PGP to be used for commercial perposes outside the
> > US and Canada for export.  I don't know how many times I have pointed
> > this out and where to find the information...  Oh well...
> 
> Why aren't we then a little bit more creative ?!? I am sure that we can
> come up with other schemes or mechanisms to make sure that we can use a
> secure transaction mechanism. We could move the whole repository outside
> the US with software that is made outside the US since import of
> encryption software is allowed ... We could try to find authentication
> (we don't need encryption) software that is created outside the US ... We
> could use other mechanisms that are less secure but can do the job
> (example: a token exchange or an ACK message mechanism).
> 
> This doesn't change anything about the mechanisms as discussed on this
> list. It doesn't matter that much if you use a public PGP key, public
> OUTSIDE_THE_US_PRODUCED key, a token or an ACK mail address. May be we
> need to support even more then one mechanism to allow participation of
> all countries.
> 
> David K.
> ---
Regards,
-- 
Jeffrey A. Williams
DIR. Internet Network Eng/SR. Java Development Eng.
Information Eng. Group. 
Phone :972-447-1878
E-Mail jwkckid1@ix.netcom.com

References:
- Re: Public key crypto
  - From: davidk@ISI.EDU

Prev by Date: Re: Public key crypto
Next by Date: Re: Transfering a domain
Prev by thread: Re: Public key crypto
Next by thread: Re: Public key crypto
Index(es):
- Date
- Thread