Re: Open Source Embedded SSL - Export Questions

2003-11-29 Thread Bill Stewart
At 02:45 PM 11/27/2003 +1100, Greg Rose wrote: At 12:27 PM 11/27/2003, Thor Lancelot Simon wrote: RC4 is extremely weak for some applications. A block cipher is greatly preferable. I'm afraid that I can't agree with this howling logical error. RC4 is showing its age, but there are other stream

Re: Open Source Embedded SSL - Export Questions

2003-11-27 Thread Greg Rose
At 12:27 PM 11/27/2003, Thor Lancelot Simon wrote: RC4 is extremely weak for some applications. A block cipher is greatly preferable. I'm afraid that I can't agree with this howling logical error. RC4 is showing its age, but there are other stream ciphers that are acceptable, and there are

Re: Open Source Embedded SSL - Export Questions

2003-11-27 Thread Thor Lancelot Simon
On Thu, Nov 27, 2003 at 02:45:47PM +1100, Greg Rose wrote: At 12:27 PM 11/27/2003, Thor Lancelot Simon wrote: RC4 is extremely weak for some applications. A block cipher is greatly preferable. I'm afraid that I can't agree with this howling logical error. RC4 is showing its age, but there

Re: Open Source Embedded SSL - Export Questions

2003-11-26 Thread Bill Tompkins
On Mon, 2003-11-24 at 21:06, J Harper wrote: ...snip... We're not looking for official legal advice, just some pointers to current online resources of how to go about registering our product in the US. I've seen posts that for SSL implementations you just need to send a letter to the

Re: Open Source Embedded SSL - Export Questions

2003-11-26 Thread J Harper
Markowitz [EMAIL PROTECTED] To: J Harper [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Tuesday, November 25, 2003 5:23 PM Subject: Re: Open Source Embedded SSL - Export Questions J Harper wrote: pointers to documentation on the steps required for government registration The official site

Re: Open Source Embedded SSL - Export Questions

2003-11-26 Thread Rich Salz
We've implemented a small version of SSL that we plan to release as open source by year's end. Great! We're not looking for official legal advice, just some pointers to current online resources of how to go about registering our product in the US. http://www.bxa.doc.gov/Encryption; Google

Re: Open Source Embedded SSL - Export Questions

2003-11-26 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], J Harper writes: SSLv3 protocol implementation Simple ASN.1 parsing Cipher suites: TLS_RSA_WITH_RC4_128_MD5 TLS_RSA_WITH_RC4_128_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA I understand the need to conserve space; that said, I strongly urge you to consider AES as

Re: Open Source Embedded SSL - Export Questions

2003-11-26 Thread Thor Lancelot Simon
On Wed, Nov 26, 2003 at 02:56:40PM -0800, J Harper wrote: Great feedback, let me elaborate. I realize that AES is implemented in hardware for many platforms as well. I'll mention a bit more about our cryptography architecture below. Do you know why AES is so popular in embedded? ARC4 is

Re: Open Source Embedded SSL - Export Questions

2003-11-26 Thread Sidney Markowitz
As a separate issue from whether you want to implement AES, if you do decide to implement it look at Brian Gladman's code at http://fp.gladman.plus.com/cryptography_technology/rijndael/ It is the fastest free implementation of AES that I know of, and has a good history and credentials behind

Open Source Embedded SSL - Export Questions

2003-11-25 Thread J Harper
Hi All, We've implemented a small version of SSL that we plan to release as open source by year's end. I've seen some discussion on this group indicating that this would be useful in the embedded environments, given the current landscape of larger implementations such as OpenSSL (Crypto++,