[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NIST involvement in PKI

  I can't think of a single case where a spec was good enough to ensure
  interoperability -- bake-offs, connect-a-thons, etc., are always necessary.
  It's often faster to just have everyone use/buy the same source base.
  The value of freely-available reference source cannot be underestimated.

I kind of agree and disagree. Certainly in the early days, having one
coderelease anybody can grab facilitates things. Getting all bugs ironed
out ultimately needs discrete code development.

In this case, politics means unless NIST accepts a totally offshore codebase
its not going to be one package. If the alternate is for NIST to release
code which is RC4/40 or DES-56 to get export approval would they do that?

I suspect not. Anyway, even DES-56 is going to require approval. RC4/40
netscape managed to get through.

Do they allow hooks purely for authentication appears to be a key issue.
You seem to be saying No, if there is any way that can leverage generalized
encryption capability. 

George Michaelson         |  connect.com.au pty/ltd
Email: ggm@connect.com.au |  c/o AAPT,
Phone: +61 7 3834 9976    |  level 8, the Riverside Centre,
  Fax: +61 7 3834 9908    |  123 Eagle St, Brisbane QLD 4000