More on fortifying Lotus Notes

Ben Laurie ben at algroup.co.uk
Sun, 06 Jun 1999 16:50:43 +0100


Duncan Campbell wrote:
> Another Lotus NSA-friendly point: The International Edition is limited to
> 512 bit RSA keys for data confidentiality (i.e., the session generating and
> passing the bulk data key).

That's a general requirement for export. Until recently, that is. 1024
bit keys are now permitted. As are 56 bit symmetric keys.

In the case of SSL/TLS, certs can have bigger keys, but an ephemeral 512
bit key is generated to secure the sessions. Because of the cost of key
generation, this key is typically reused for many sessions.

TLS has grown some new ciphersuites to support the relaxed restrictions,
BTW. I think MS even shipped them in MSIE5 (but I could be wrong).

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html

"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
     - Indira Gandhi
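
Added example, not part of the original message: a defender-side check for the key reuse described above. It parses the ServerKeyExchange message that carries the temporary RSA key in export handshakes and reports which sessions shared an export-size key. It assumes the RFC 2246 message layout and that the cleartext handshake messages have already been extracted from a capture; the function names and sample values are constructed for illustration.

```python
import hashlib
from collections import Counter

SERVER_KEY_EXCHANGE = 12  # handshake type in RFC 2246, section 7.4

def parse_rsa_ske(msg: bytes):
    """Return (modulus_bits, fingerprint) of the temporary RSA key in one message."""
    if len(msg) < 4 or msg[0] != SERVER_KEY_EXCHANGE:
        raise ValueError("not a ServerKeyExchange handshake message")
    body = msg[4:4 + int.from_bytes(msg[1:4], "big")]
    if len(body) != int.from_bytes(msg[1:4], "big"):
        raise ValueError("truncated handshake body")
    fields, off = [], 0
    for _ in range(2):  # rsa_modulus then rsa_exponent, each with a 2-byte length
        n = int.from_bytes(body[off:off + 2], "big")
        if off + 2 > len(body) or off + 2 + n > len(body):
            raise ValueError("truncated ServerRSAParams")
        fields.append(body[off + 2:off + 2 + n])
        off += 2 + n
    bits = int.from_bytes(fields[0], "big").bit_length()
    return bits, hashlib.sha256(fields[0]).hexdigest()[:16]

def audit(handshakes):
    """Group sessions by temporary key; flag export-size and reused keys."""
    sessions, bits_by_key = Counter(), {}
    for msg in handshakes:
        bits, fp = parse_rsa_ske(msg)
        sessions[fp] += 1
        bits_by_key[fp] = bits
    return [{"key": fp, "bits": bits_by_key[fp], "sessions": n,
             "export_size": bits_by_key[fp] <= 512, "reused": n > 1}
            for fp, n in sessions.items()]

def build_ske(modulus: int, size: int) -> bytes:
    """Constructed test message: modulus, e=65537, and a dummy signature field."""
    mod, exp, sig = modulus.to_bytes(size, "big"), b"\x01\x00\x01", b"\x00" * 8
    body = b"".join(len(f).to_bytes(2, "big") + f for f in (mod, exp, sig))
    return bytes([SERVER_KEY_EXCHANGE]) + len(body).to_bytes(3, "big") + body

# Constructed sample values, not real RSA moduli: three sessions share one
# 512-bit temporary key and one session uses a 1024-bit key.
KEY_512 = (1 << 511) | 0xC0FFEE
KEY_1024 = (1 << 1023) | 0xBADC0DE
SAMPLE = [build_ske(KEY_512, 64)] * 3 + [build_ske(KEY_1024, 128)]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```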