
Re: Public key crypto



Kent,


Kent Crispin wrote:
> 
> Rick H. Wesson allegedly said:
> >
> > On Jan 10,  5:38pm, Kent Crispin wrote:
> > > Subject: Re: Public key crypto
> >
> > [snip]
> >
> > > 4) PGP is used only for authentication, not encryption.  In some
> > > jurisdictions that makes a difference.
> >
> > It doesn't matter in France, so you are saying there won't be any
> > registries in France? Bad idea.
> 
> My understanding is that *private* encryption is illegal in France.
> It is possible for commercial entities to get permits.

  This is true currently.
> 
> [...]
> 
> > Still what will a registry in any country outside of the USA
> > use for processing requests? The International version of PGP is
> > illegal to use for commercial purposes anywhere.

  It can be used in the US and Canada if the RC4 or RC2 or DES
encryption or authentication routines are not used and that the
key size is no larger than 56 bits.
> 
> I don't believe this is true.  pgp2.6.3i has no restrictions on
> commercial use, if you license IDEA.  See
> 
> http://www.ifi.uio.no/~staalesc/PGP/FAQ.shtml#License
> 
> However, you can't use it in the US (and probably Canada) for any
> purpose, private or commercial, because it doesn't use RSAREF.
> 
> So you use Viacrypt (PGP, Inc) pgp in the US and Canada, and pgp2.6.3i
> in the rest of the world.

  Not for import.
> 
> > > If you want to be able to authenticate registrars you have legal
> > > issues.  If you don't authenticate registrars you have other problems
> > > to deal with.
> >
> > Correct so what are ways that these messages can be securely authenticated,
> > w/o using pgp?
> 
> Using PGP is not a problem.  It is the most widely available piece of
> authentication software available, and it is pretty close to free.

  It is nearly free.  But could not be used for any international 
authentication purposes for export to or from the US and Canada.
> 
> But it is clunky to use it in a program, there is no doubt about that.
> There are some alternatives (PGPtools, hack the PGP source, etc) but the
> licensing issues aren't as clear then.  If I knew of a better
> alternative I would have used it...one possibility is to license
> RSAREF -- something I would investigate for a future version, for
> sure.

  SSL V3 and Besafe are also alternatives that could be used.
> 
> One of the basic design features of the registry code I wrote is that
> it has signed certificates that can be saved in files and used to
> enforce non-repudiation.  You get a lot of power from that, and there
> aren't too many alternatives available.

  There are at least 5 alternatives that I can think of off hand.
SSL v3, Besafe, Stronghold, PCT1 v2, and SSLeah.

  SSL v3 and Besafe are very popular in Europe.

Regards,
-- 
Jeffrey A. Williams
DIR. Internet Network Eng/SR. Java Development Eng.
Information Eng. Group. 
Phone :972-447-1878
E-Mail jwkckid1@ix.netcom.com