[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: ICMP Security Failures
-----BEGIN PGP SIGNED MESSAGE-----
content-type: text/plain; charset=us-ascii
PS - Implementations that allow multiple encapsulation (ESP/ESP/IP, or
ESP/ESP/ESP/IP, etc.) may not be exportable as a product from the US.
Exportable implementations may be required to block ESP over ESP :-(
Exportable implementations will probably not be allowed to implement
ESP at all since single-DES CBC is the mandatory ESP transform and
single-DES itself is not exportable.
Given the requirement that ESP support manual keying, a conformant
implementation woulld also not likely be exportable under the proposed
(but hopefully irrelevant) "software key escrow"/"Clipper II"
regulations.
BTW, given recent talks with the export control folks: they would probably
attempt to prevent export of ESP implementations which only supported ROT-13
if they were too easy to modify to add other algorithms..
- Bill
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBMNnLIlpj/0M1dMJ/AQGxNAP+KxQnsT1FFv62AnnRsSwq0NtQBHYhMoSB
+JDNTjGIYmtBeNu2rIcoRCHNwsJD3HfPkEn/Ml15ive0vY/2voLNwpQkPL8MSXIX
ojPzKQl21Gqze4HuTBKaIoTtE0Yfc+UNaZBf1qUtutzCvkItJHi1/NhzkJSmmAFV
GcjnhrNJHy8=
=egTK
-----END PGP SIGNATURE-----
Follow-Ups:
References: