In <[EMAIL PROTECTED]>, on 06/25/99
at 12:23 PM, Ben Laurie <[EMAIL PROTECTED]> said:
>Adam Back wrote:
>> My arguments that adding broken ciphersuites to an IETF standard was
>> in direct and obvious violation of RFC 1984 fell on deaf ears, as
>> Netscape, Microsoft and even OpenSSL (in the form of Ben Laurie)
>> busily rushed and implemented the proposed broken ciphersuites.
>OpenSSL has them disabled by default. But I am torn on this question:
>these new ciphersuites give greater strength than existing ones when
>interopping with export stuff. Is it sensible to refuse to add stronger
>ciphersuites? If it isn't, because they are crap, should we (the OpenSSL
>team) disable _all_ export ciphersuites?

I am *strongly* in favor of disabling all export ciphersuites. There is
just no use for them. Netscrape, Micky$loth, & RSADSI may have no problem
selling false security to their customers, IMHO the OpenSSL group should
be above this.

I really think that a quick end could be brought to the export issue if a
few people overseas sued these companies for fraud.
--
---------------------------------------------------------------
William H. Geiger III http://www.openpgp.net
Geiger Consulting Cooking With Warp 4.0
Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 5.0 at: http://www.openpgp.net/pgp.html
Talk About PGP on IRC EFNet Channel: #pgp Nick: whgiii
Hi Jeff!! :)
---------------------------------------------------------------