I was led by this Tweet to have a peek at the Draft EU–UK Trade Cooperation Agreement and can confirm that on p. 931 (not p. 921), under ‘Protocols and Standards to be used for encryption mechanism: s/MIME and related packages’, there is this:
The underlying certificate used by the s/MIME mechanism has to be in compliance with X.509 standard. In order to ensure common standards and procedures with other Prüm applications, the processing rules for s/MIME encryption operations or to be applied under various Commercial Product of the Shelves (COTS) environments, are as follows:
– the sequence of the operations is: first encryption and then signing,
– the encryption algorithm AES (Advanced Encryption Standard) with 256 bit key length and RSA with 1024 bit key length shall be applied for symmetric and asymmetric encryption respectively,
– the hash algorithm SHA-1 shall be applied.
s/MIME functionality is built into the vast majority of modern e-mail software packages including Outlook, Mozilla Mail as well as Netscape Communicator 4.x and inter-operates among all major email software packages.
Two things have always puzzled me about the UK’s approach to getting some sort of a deal with the EU.
There are two Davids, Davis and Frost, no relation to the TV producer and TV host. As far as I can tell, despite knowing that the transition period would end on January 1, 2021, failed to do anything toward advancing a deal with the EU, so that the British people know there are new rules, but not what they are. The British taxpayer would be right to question just what their pounds have been doing.
If I may use an analogy: there’s an exam and the set date was given but no one has done any swotting. Messrs Davis and Frost haven’t even done the coursework and sat in the lectures and tutorials blankly.
The person who has done the least is Alexander Boris de Pfeffel Johnson, the British prime minister, who stumbled in to the exam room at the last minute without knowing the subject.
But never mind, sneaked into the room with his clobber is an earlier graduate’s paper! Surely he can plagiarize some of the answers out of that should the same questions arise!
I don’t know much about SHA-1 hash algorithms but the original Tweeter informs us that this had been ‘deprecated in 2011’ as insecure. However, I can cast my mind back to when ‘Netscape Communicator 4.x’ was my browser of choice, and that was 1998–2001. (I stuck with Netscape 4·7 for a long time, as 6 was too buggy, and in 2001 a friend gave me a copy of Internet Explorer 5, which I then used in Windows. This pre-dates this blog, hence Netscape is not even a tag here.)
This is a comedy–tragedy from the land of Shakespeare, and I wonder if it means that the British government is expecting things to get so bad that they will have to wind up using computer software from 20 years ago.
Or they just couldn’t be arsed over the last four years (yes, count ’em!) to do any real work, and hoped that no one would read the 1,259 pp. to find the mistakes.
To conclude, another bad analogy: it’s not really oven-ready despite all this time baking. However, it appears the ingredients aren’t as fresh as we were led to believe. The proof of the pudding will be in the eating.