
ESP over ESP was Re: ICMP Security Failures




 
Bill, 
 
It is a common misconception that DES is not exportable: 
 
>Exportable implementations will probably not be allowed to implement 
>ESP at all since single-DES CBC is the mandatory ESP transform and 
>single-DES itself is not exportable. 
 
DES is exportable (from the US) with a license to 51% US owned companies, 
banks and financial institutions and many other specific applications on a 
case by case basis. 
 
ESP implementing only 40-bit RC4 (of course this is not quite compliant with 
the mandated implementation of single-DES) would be exportable, but only if 
the implementation prevented multiple ESP transforms. 
 
I do not mean to belabor the export issues, but only wanted to point out that 
"commercial US" implementations may need to selectively block ESP running over 
ESP (selectively since it would be all right in the US or with special 
licenses).   
 
Paul 
 
 
-------------------------------------------------------------- 
Paul Lambert                     Director of Security Products 
Oracle Corporation                       Phone: (415) 506-0370 
500 Oracle Parkway, Box 659410             Fax: (415) 413-2963 
Redwood Shores, CA  94065               palamber@us.oracle.com 
-------------------------------------------------------------- 
  



