[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPv6 Security Last Call Initial Questions

>Now, I can well believe that 40 bits is Good Enough for many purposes,
>but it seems to me that it would be easily strengthened if salt were added
>to the datagrams. 

	If you strengthen it to beyond "slightly better than ROT13"
strength, rest assured it will not pass muster for export control.
I'm also not convinced that export permission will be granted for
IP encryption *EVEN* if the cryptosystem is a toy. Widely deployed
toy crypto is still a pain to sort through. The current export control
regs have had a terrific cooling effect on *any* commercial deployment
of crypto, as they were intended to -- it was the threat of *widespread*
deployment of crypto that brought us the wiretapping bill and Clipper.

	In other words, don't assume that just because IBM thinks
they can get their toy crypto exported [One of our guys here points
out that he believes that is not a "done deal" yet] for their
purposes, it may not equate to a blanket permission amounting to
"here, go ahead and encrypt all your IP packets."

	Export control is the catch-22. If the decision is to
standardize on toy crypto to meet export control regs, then you
can rest assured that all this effort (and Email) will be wasted,
since nobody will deploy it who needs it, and if it's widely
deployed and the intelligence community/law enforcement realize
that a lot of toy crypto is still tough to deal with, they'll
pull the plug. Vendors who settle for low-quality crypto in an
attempt to be able to bring stuff to market are being short-sighted
in following the percieved path of least resistance. There *IS*
no path of least resistance.