> > In my experience if you just refer to the SSL/TLS spec you're fine.
>
>Really? Even if you don't specify any algorithms or key lengths in detail?
Yeah. We just said RSA key exchange (512 through 2048 bits typical)
for symmetric encryption key. For details, see RFC nnnn.
>Where did you get that from? Maybe I'm out of the loop, but last I checked,
> a product with encryption hooks was an encryption product.
But there's nothing to fill out. Take the forms at face value, you
have nothing to fill out.
The old days of NSA experts evaluating every crypto-like thing are gone.
It's all Dept of Commerce, and they don't care about crypto with a hole.
> Wow, your experiences are totally different from mine. Or maybe I just did
> more than I had to.
:)
/r$
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
