ESP over ESP was Re: ICMP Security Failures
Bill,
It is a common misconception that DES is not exportable:
>Exportable implementations will probably not be allowed to implement
>ESP at all since single-DES CBC is the mandatory ESP transform and
>single-DES itself is not exportable.
DES is exportable (from the US) with a license to 51% US owned companies,
banks and financial institutions and many other specific applications on a
case by case basis.
ESP implementing only 40 bit RC4 (of course this is not quite compliant with
the mandated implementation of single-DES) would be exportable, but only if
the implementation prevented multiple ESP transforms.
I do not mean to belabor the export issues, but only wanted to point out that
"commercial US" implementations may need to selectively block ESP running over
ESP (selectively since it would be all right in the US or with special
licenses).
Paul
--------------------------------------------------------------
Paul Lambert Director of Security Products
Oracle Corporation Phone: (415) 506-0370
500 Oracle Parkway, Box 659410 Fax: (415) 413-2963
Redwood Shores, CA 94065 palamber@us.oracle.com
--------------------------------------------------------------