I must say that I derive a certain sense of gratification from reading Microsoft's product announcement. We *have* made progress: "Answer: Instead of releasing two versions (40 bit and 128 bit) of Internet Explorer 5, this new version of Internet Explorer has been released with the 128 bit encryption built right in as a helpful, time-saving service to all of our customers". In fact, the "helpful, time-saving service to all of our customers" line is downright making me chuckle. Folks, Microsoft is *obsoleting* weak crypto in their browsers. You want weak crypto? You will find and install an obsolete version of a browser that's no longer even being distributed. This is a Good Thing. The last year has brought major changes in how strong crypto is being integrated into operating systems and applications. The Windows 2000 release date didn't quite leave enough time to include strong crypto by default since the regs had changed, but if you ever run Windows Update (which you should to do anyway periodically to load vendor security patches), it will prompt you to install the 128 bit upgrade. Wanna bet the first Windows 2000 service pack will include a 128 bit upgrade by default? As for the free operating systems, the various *BSD seem to now ship with strong crypto. I don't know what the situation is in the Linux world, but I hope they aren't trailing far behind. And if they are trailing behind, then probably not for long. Apple seems to be lagging a bit behind the crypto curve and their abysmal choice of selecting 40 bit crypto and a non-standard hash function for their AirPort IEEE 802.11 products will probably haunt them for years to come, but I certainly have my hopes up that these screw-ups will be fixed with the release of OS X. In addition, strong crypto is creeping into the OS from another, so far unnoticed by all but a few, direction: the recent releases of several *BSD all include IPv6 stacks with *mandatory* support for IPSEC. In addition, MSFT just moved their IPv6 stack from research status to technology preview. They are even providing an IPv6 code migration tool. While the current rev of the Microsoft stack doesn't support IPSEC, there is little doubt that the release version will. IPv6 is clearly on the release track over there at Microsoft. Other OS vendors should pay attention... Now some will say that IPv6 may never happen. They don't know what they are talking about. The major growth in Internet access devices will not come from personal computers. In fact, there is a good chance that within 5 years PC's will be in the minority. The growth will come from wireless access devices, such as mobile phones and PDA's. There are some 250 million PC's (or users, depending on who you ask) connected to the Internet worldwide. There are 450 million digital mobile phones. Every single one of them will need an IP address before long. You do the math. In my day job, I have talked with numerous customers over the last 6 months that each are looking to roll out ten's of millions of new devices, mostly in Europe, that provide Internet access. Now one certainly could go to RIPE and ask for 10 million IPv4 addresses. But asking for those addresses isn't going to get you anywhere than perhaps to a quiet place in the countryside where the men in white suits are taking care of your every needs... So IPv6 will happen. And the stacks will support IPSEC. Out of the box. It is all good, --Lucky Green <[EMAIL PROTECTED]> "Among the many misdeeds of British rule in India, history will look upon the Act depriving a whole nation of arms as the blackest." - Mohandas K. Gandhi, An Autobiography, pg 446 http://www.citizensofamerica.org/missing.ram > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf > Of Bill Stewart > Sent: Wednesday, March 29, 2000 01:05 > To: Multiple recipients of list > Subject: Re: IE5 for Mac only available with 128 bit SSL > > > At 11:53 PM 03/28/2000 -0800, Marshall Clow wrote: > >They didn't make a 40 bit version. > > > >For meaningless blather, see > > <http://www.microsoft.com/Mac/download/EN/iefaqEN.asp#12> > > Yahoo! Microsoft finally making the right security decision! > Of course, previous versions of IE have had many blatant security > problems, but at least they're getting this part right. > > > > > Thanks! > Bill > Bill Stewart, [EMAIL PROTECTED] > PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639 > > >
