[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ESP over ESP was Re: ICMP Security Failures

To: "PALAMBER.US.ORACLE.COM" <PALAMBER@us.oracle.com>
Subject: Re: ESP over ESP was Re: ICMP Security Failures
From: Tatu Ylonen <ylo@cs.hut.fi>
Date: Sat, 23 Dec 1995 13:08:13 +0200
Cc: tytso@mit.edu, ipsec@ans.net
In-Reply-To: <199512221641.AA09381@interlock.ans.net>
Organization: Helsinki University of Technology, Finland
References: <199512221641.AA09381@interlock.ans.net>

>         An implementation of ESP that supports the recursive encapsulation 
>         of ESP will generally not be eligible for an export license which  
>         permits the product to the general public outside of the United States. 

Since the United States at present generally only allows export of
products that are breakable even by individual hackers, not to mention
organized criminal, major corporations, and governments, in my opinion
it is better to not include stuff in the standard that would undermine
its original goals by rendering it again insecure.  If we are seeking
to solve the security problems on the internet, please lets do it
right this time.

If the US corporations cannot export products that provide a decent
level of security, I am sure there will be other companies outside the
United States who will.  The techniques themselves are very
widespread.  (Some information on foreign availability can be found at
http://www.cs.hut.fi/crypto.)

    Tatu

References:

Re: ESP over ESP was Re: ICMP Security Failures

From: "PALAMBER.US.ORACLE.COM" <PALAMBER@us.oracle.com>

Prev by Date: Re: forward secrecy
Next by Date: Re: ICMP Security Failures
Prev by thread: Re: ESP over ESP was Re: ICMP Security Failures
Next by thread: Re: ESP over ESP
Index(es):
- Main
- Thread