Re: ICMP Security Failures

[Bill Sommerfeld <sommerfeld@apollo.hp.com>]

-----BEGIN PGP SIGNED MESSAGE-----

content-type: text/plain; charset=us-ascii

   PS - Implementations that allow multiple encapsulation (ESP/ESP/IP, or 
   ESP/ESP/ESP/IP, etc.) may not be exportable as a product from the US.  
   Exportable implementations may be required to block ESP over ESP :-( 

Exportable implementations will probably not be allowed to implement
ESP at all since single-DES CBC is the mandatory ESP transform and
single-DES itself is not exportable.

Given the requirement that ESP support manual keying, a conformant
implementation woulld also not likely be exportable under the proposed
(but hopefully irrelevant) "software key escrow"/"Clipper II"
regulations.

BTW, given recent talks with the export control folks: they would probably 
attempt to prevent export of ESP implementations which only supported ROT-13 
if they were too easy to modify to add other algorithms..

					- Bill





-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMNnLIlpj/0M1dMJ/AQGxNAP+KxQnsT1FFv62AnnRsSwq0NtQBHYhMoSB
+JDNTjGIYmtBeNu2rIcoRCHNwsJD3HfPkEn/Ml15ive0vY/2voLNwpQkPL8MSXIX
ojPzKQl21Gqze4HuTBKaIoTtE0Yfc+UNaZBf1qUtutzCvkItJHi1/NhzkJSmmAFV
GcjnhrNJHy8=
=egTK
-----END PGP SIGNATURE-----

---

Follow-Ups:

• Re: ICMP Security Failures
• From: Todd Graham Lewis <todd@wooster.org>

References:

• Re: ICMP Security Failures
• From: "PALAMBER.US.ORACLE.COM" <PALAMBER@us.oracle.com>

---

• Prev by Date: Fwd: Proposed PAR for 802.10i
• Next by Date: ESP over ESP was Re: ICMP Security Failures
• Prev by thread: Re: ICMP Security Failures
• Next by thread: Re: ICMP Security Failures
• Index(es):
  • Main
  • Thread