Mandatory DES was - Re[2]: IPv6 Security Last





>> >I suspect Jim is right and there are many who share this position - i.e.
>> >we need exportable version but hate to admit it since it's so crazy...
>
>>  1) Exportable crypto is breakable crypto.
>
>Small but critical correction: exportable _encryption_ is breakable.


No, not all exportable encryption is easily breakable.  It is true that strong 
cryptography is difficult to field internationally.  Our working group should 
recommend the best security solutions possible.


>My suggestion: standard complying should require only strong authentication;
>encryption (strong or silly) should be only an option. Namely, ESP should not
>be a requirement (for IPSP in IPv4 or for IPv6).
>
>If one does implement ESP, I agree that strong encryption would be required.
>
>Best, Amir

Implementations that do not fully conform to a specification can always 
document where they are non-conformant (e.g.  complies to specification except 
for rot8 in place of DES-CBC).  At a minimum the specification must create 
products that clearly identify their capabilities (a truth in advertising goal).
Documenting a small set of mandatory features and limiting options helps meet
these goals.  Exceptions are more likely to be clearly documented than
additional optional features.

DES should be mandatory.



Paul