Re: ICMP Security Failures

[Todd Graham Lewis <todd@wooster.org>]

Attention: NSA start quoting here for my indictment:

I am pretty sure that I already know what the answer would be, but what 
if some hypothetical individual were working on a freely-distributable 
Linux ESP implementation that, say, included _no_ implementations but was 
easily extensible?  I hate to clutter the list with politico-crypto-flame 
bait, but would this fall under the range of the "permissible"?

Todd Graham Lewis
todd@wooster.org

On Thu, 21 Dec 1995, Bill Sommerfeld wrote:

> 
>    PS - Implementations that allow multiple encapsulation (ESP/ESP/IP, or 
>    ESP/ESP/ESP/IP, etc.) may not be exportable as a product from the US.  
>    Exportable implementations may be required to block ESP over ESP :-( 
> 
> Exportable implementations will probably not be allowed to implement
> ESP at all since single-DES CBC is the mandatory ESP transform and
> single-DES itself is not exportable.
> 
> Given the requirement that ESP support manual keying, a conformant
> implementation woulld also not likely be exportable under the proposed
> (but hopefully irrelevant) "software key escrow"/"Clipper II"
> regulations.
> 
> BTW, given recent talks with the export control folks: they would probably 
> attempt to prevent export of ESP implementations which only supported ROT-13 
> if they were too easy to modify to add other algorithms..
> 
> 					- Bill

---

Follow-Ups:

• Re: ICMP Security Failures
• From: Theodore Ts'o <tytso@MIT.EDU>

References:

• Re: ICMP Security Failures
• From: Bill Sommerfeld <sommerfeld@apollo.hp.com>

---

• Prev by Date: Re: ADMIN: Dallas IETF Minutes for IP Security WG
• Next by Date: Re: ICMP Security Failures
• Prev by thread: Re: ICMP Security Failures
• Next by thread: Re: ICMP Security Failures
• Index(es):
  • Main
  • Thread