Mandatory DES was - Re[2]: IPv6 Security Last
>> >I suspect Jim is right and there are many who share this position - i.e.
>> >we need exportable version but hate to admit it since it's so crazy...
>
>> 1) Exportable crypto is breakable crypto.
>
>Small but critical correction: exportable _encryption_ is breakable.
No, not all exportable encryption is easily breakable. It is true that strong
cryptography is difficult to field internationally. Our working group should
recommend the best security solutions possible.
>My suggestion: standard complying should require only strong authentication;
>encryption (strong or silly) should be only an option. Namely, ESP should not
>be a requirement (for IPSP in IPv4 or for IPv6).
>
>If one does implement ESP, I agree that strong encryption would be required.
>
>Best, Amir
Implementations that do not fully conform to a specification can always
document where they are non-conformant (e.g. complies to specification except
for rot8 in place of DES-CBC). At a minimum the specification must create
products that clearly identify their capabilities (a truth in advertising goal).
Documenting a small set of mandatory features and limiting options helps meet
these goals. Exceptions are more likely to be clearly documented than
additional optional features.
DES should be mandatory.
Paul