[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: ICMP Security Failures
Attention: NSA start quoting here for my indictment:
I am pretty sure that I already know what the answer would be, but what
if some hypothetical individual were working on a freely-distributable
Linux ESP implementation that, say, included _no_ implementations but was
easily extensible? I hate to clutter the list with politico-crypto-flame
bait, but would this fall under the range of the "permissible"?
Todd Graham Lewis
todd@wooster.org
On Thu, 21 Dec 1995, Bill Sommerfeld wrote:
>
> PS - Implementations that allow multiple encapsulation (ESP/ESP/IP, or
> ESP/ESP/ESP/IP, etc.) may not be exportable as a product from the US.
> Exportable implementations may be required to block ESP over ESP :-(
>
> Exportable implementations will probably not be allowed to implement
> ESP at all since single-DES CBC is the mandatory ESP transform and
> single-DES itself is not exportable.
>
> Given the requirement that ESP support manual keying, a conformant
> implementation woulld also not likely be exportable under the proposed
> (but hopefully irrelevant) "software key escrow"/"Clipper II"
> regulations.
>
> BTW, given recent talks with the export control folks: they would probably
> attempt to prevent export of ESP implementations which only supported ROT-13
> if they were too easy to modify to add other algorithms..
>
> - Bill
Follow-Ups:
References: