Re: IPv6 Security Last Call Initial Questions

[Theodore Ts'o <tytso@MIT.EDU>]

   Date: Fri, 31 Mar 95 12:05:27 -0500
   From: bound@zk3.dec.com

   If we could get past this I and others would join you and others and go
   build the best damn security for the Internet possible (I also hope the
   Internet does not get regulated in the U.S. either).  Would that not be
   a good thing to do?  Change MUST to SHOULD for DES.  I will even accept
   MUST for MD5 for authentication as that has no export issue.

There has already been significant community conensus --- beyond this
working group, as this is a general IETF issue --- that we should not
take into account export issues, which tend to be very country specific(*),
when deciding which technologies we should standardize on.  Furthermore,
we must require at least one algorithm so that we can guanratee
interoperability.

You seem to be the only one argueing for making DES optional....

						- Ted


(*) Remember, the IETF is an international, technical organization.  If
a particular country wishes to make its companies suffer under a
competitive disadvantage compared to the rest of the world, that's that
country's business, not the IETF's.  If one lives in such a country, and
is concerned about such stupidity, I would encourage that person to
write to his or her governemnt representatives.  But that is *not* a
matter for the IETF.

---

References:

• Re: IPv6 Security Last Call Initial Questions
• From: bound@zk3.dec.com

---

• Prev by Date: Re: IPv6 Security Last Call Initial Questions (per user keying)
• Next by Date: Re: IPv6 Security Last Call Initial Questions (per user keying)
• Prev by thread: Re: IPv6 Security Last Call Initial Questions
• Next by thread: Re: IPv6 Security Last Call Initial Questions
• Index(es):
  • Main
  • Thread