[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPv6 Security Last Call Initial Questions




> >I suspect Jim is right and there are many who share this position - i.e.
> >we need exportable version but hate to admit it since it's so crazy...

> 	1) Exportable crypto is breakable crypto.

Small but critical correction: exportable _encryption_ is breakable.

And, I don't want us to standardize anything breakable.

BUT we can have strong exportable _authentication_ (this already exists in
products!).

My suggestion: standard complying should require only strong authentication;
encryption (strong or silly) should be only an option. Namely, ESP should not
be a requirement (for IPSP in IPv4 or for IPv6).

If one does implement ESP, I agree that strong encryption would be required.

Best, Amir




References: