Nelson Bolyard wrote:
> Paul Hoffman wrote:
>> Proposal:
>> a) Completely turn off the ability to encrypt with RC2/40 unless there
>> is no strong algorithm.

What do you mean here? RC2/40 will already be chosen only if TB 
believes (wrongly in that case) there's nothing else available.
It could do the same as Fx 2.0 for SSL, where RC2/40 is disabled by 
default but can be reenabled with a hidden option if you *really* need 
it. 56 bits receives the same treatment.

>> b) Every time you are about to encrypt with RC2/40, warn the user,
>> including an explanation of how Tb got to this point in the logic chain.

That's what the navigator used to do for 40-bit encryption in the past 
(but without much explanation).
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
