More on fortifying Lotus Notes
David Parkinson
dparkins at alien.bt.co.uk
Mon, 07 Jun 1999 12:26:48 +0100
At 11:27 07/06/99 +0100, Ben Laurie wrote:
>David Parkinson wrote:
>>
>> At 16:50 06/06/99 +0100, Ben Laurie wrote:
>> >That's a general requirement for export. Until recently, that is. 1024
>> >bit keys are now permitted. As are 56 bit symmetric keys.
>>
>> According to my print out of the Dual-Use List, category 5, Part 2:
>>
>> [...controlled items include...]
>> A "symmetric algorithm" employing a key length in excess of 56-bits;
>> An "Asymmetric algorithm" where the security of the algorithm is based
>> on.....Factorisation of Integers in excess of 512 bits (eg RSA).
>>
>> i.e. 56-bit symmetric ok, 1024 RSA still a no-no.
>>
>> However if we look at Note 3 (The Cryptography Note), we find there is
>> no mention of "asymmetric algorithms", just symmetric.
>> Could be read as "mass-market" products (such as Lotus Notes(?), Netscape,
>> IE5, Exchange) can employ 64-bit symmetric keys with RSA >512 bits?
>
>I'm talking about US export, not EU export (since Lotus is a US
>company).
>
I was quoting from the Wassenaar Arrangement <www.wassenaar.org> of
which the US is a signatory along with other non-EU countries.
Regards
David