[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: ESP over ESP was Re: ICMP Security Failures
Ted, you are right ...
> A product containing DES for the purposes of data hiding will
> generally not be eligible for an export license which permits
> the product to the general public outside of the United States.
Multiple encryption seems to be considered by the reviewing bodies to be more
"dangerous" than DES. So:
An implementation of ESP that supports the recursive encapsulation
of ESP will generally not be eligible for an export license which
permits the product to the general public outside of the United States.
Our dialog here seems to be "flogging the dead horse of US export policy"...
export of "good" encryption is possible, but not to the masses.
To attempt to add a little value to this thread ... there was yet another NIST
sponsored escrow/export meeting December 5. Minor modifications were made to
the "Draft Software Key Escrow Encryption Export Criteria". The criteria
promise to ease export if vendors institute escrow. Even with escrow, the
criteria still limit key length to 64 bits :-( The criteria are avaialble at
a NIST web site. After having heard (?) comments on the criteria the U.S.
Department of State "anticipates issuing guidance incorporating these
criteria, revised as appropriate based upon today's (Dec. 5) meeting, in early
1996."
Paul
--------------------------------------------------------------
Paul Lambert Director of Security Products
Oracle Corporation Phone: (415) 506-0370
500 Oracle Parkway, Box 659410 Fax: (415) 413-2963
Redwood Shores, CA 94065 palamber@us.oracle.com
--------------------------------------------------------------
Follow-Ups: