"William H. Geiger III" wrote:
>
> I am *strongly* in favor in disabling all export ciphersuites. There is
> just no use for them. Netscrape, Micky$loth, & RSADSI may have no problem
> selling false security to their customers, IMHO the OpenSSL group should
> be above this.
>
> I really think that a quick end could be brought to the export issue if a
> few people overseas sued these companies for fraud.
I have no interest in starting a flame war with you about the value of
exportable cryptography, but I'm stupid, so I'm going to open my mouth anyway.
I think your view only makes sense if you are only interested in protecting
yourself against entities who have $100,000 (or $50,000, or whatever) to build
a DES cracking machine. If, on the other hand, you're also worried about 12
year old kids who pass around lists of credit card numbers, then exportable
crypto is useful to you. While the first group may be more scary to you, most
people only care about the second group. Which is not to say that you're wrong
about your priorities, but other people, rightly or wrongly, have different
ones.
Despite your contempt for Netscape and Microsoft, they do, in fact, sell strong
crypto products where they are able to. If the CEOs of these companies went to
their boards of directors and told them that they were going blow off the
entire international market because they didn't want to put export grade crypto
into their products, they'd be out of their jobs faster than you could say
"stockholder lawsuit."
--
What is appropriate for the master is not appropriate| Tom Weinstein
for the novice. You must understand Tao before | [EMAIL PROTECTED]
transcending structure. -- The Tao of Programming |
