On 08/09/2011, at 11:31, Lucky Green <[email protected]> wrote:
> The SSL/public CA model did an admirable job in that regard and Taher > ElGamal and Paul Kocher deserve full credit for this accomplishment. As long as we can document that original model, I'm inclined to agree. > SSL's design goals explicitly excluded protection against national > government security and law enforcement entities. Indeed, SSL original > design contains a wide selection of features exclusively geared towards > facilitating interception by governmental entities. RC4-40 being one > such feature. Reverse engineering the design strongly suggests this requirement. What we lack is evidence. > With 40-bit crypto as the designated burst plate, there was no sound > engineering reason to fortify the rest of the plumbing to withstand the > pressures generated by national government level adversaries. Is there any documentation that bears this out? Any testimony? It would be useful to have, as the meta-CAs have struggled to publically document requirements here, and thus created unnecessary wheel-spinning ... Eg the CNICC affair. Iang _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
