[3506] in cryptography@c2.net mail archive
Re: Netscape Wants MS to Weaken IE's SSL/RSA Handshake for Export
daemon@ATHENA.MIT.EDU (Eric Young)
Sat Oct 17 21:44:14 1998
Date: Sun, 18 Oct 1998 11:09:46 +1000 (EST)
From: Eric Young <eay@cryptsoft.com>
To: EKR <ekr@rtfm.com>
cc: Vin McLellan <vin@shore.net>, cryptography@c2.net
In-Reply-To: <kj67dke4ne.fsf@speedy.rtfm.com>
On 16 Oct 1998, EKR wrote:
> Now along comes SSLv3. SSLv3 includes an ephemeral RSA key feature,
> which means that you can use a 1024 permanent key for authentication
> but a 512 bit key for key exchange. IIRC Kocher added this feature
> because he wanted it to be easy to get CJ but he didn't think 512 was
> good enough. No (export) SSLv3 implementation that I know of will
> accept a 1024 bit key for key exchange.
I always made this just a server implementation issue. If the client gets
an RSA key, it will use it reguardless of length. I also implemented no check
for the ephemeral RSA key, which in theory for SSLv3, could be any size, if it
was used with a non-export cipher but a signing only server key (I cannot
remember off the top of my head if TLS still allows this).
So, anyway, anything based on SSLeay will not send a >512 bit key from a
server doing an export cipher, but the clients will accept anything. This is
the model that seems to make the most sense. Obviously WebSite was not using
the Ephemeral RSA stuff for > 512 bit RSA, and netscape has decided to become
pedantic about it.
eric
