
Re: Question regarding mandatory CBC-DES support



>      The IPSEC spec defines that all implementations MUST support CBC-DES. 
>      I have a question regarding the export laws which are associated with 
>      it. 

The government has approved many general exports of products with more
than 40-bit keys.  40 is the published minimum, not the real rule.
You will get more if you negotiate for it.

This is the evil of "secret law" in action, in which the real rules
are not public knowledge.  I encourage companies to publish their
export paperwork (see the bottom of
ftp://ftp.cygnus.com/pub/export/export.html) so that we can
collectively attempt to infer what the
real rules are.  They like to keep us ignorant for divide-and-conquer;
together we are stronger.

But more importantly, the security of the IPSEC protocols rests on the
integrity of the implementations in choosing keys.  If your product
claims to be generating a 56-bit key but actually always uses an
identical key with everyone, it won't provide real security, but will
mislead your customers.  (Until the cypherpunks or your competition
looks more closely at your product.)

If sites want to provide minimal (e.g. 40-bit) security, they should
advertise a 40-bit algorithm in their key negotiations, so that sites
which want better security can refuse to communicate using that
algorithm.

The intent of the Internet Architecture Board in specifying that the
IPSEC protocols should be designed without regard to the peculiarities
of export controls of particular countries is clear.  The security of
the world Internet cannot and should not depend on the whims of one
national government.  If you make a 40-bit implementation, it won't be
compatible with the real IPSEC CBC-DES transform.  Build a real IPSEC
implementation in a free country, negotiate harder with the State
Department, lobby the government to get real, support the lawsuit to
overturn the export controls, and/or only ship your product
domestically.  You have lots of options.

The standard key management protocol should provide that both sides
contribute bits to the common key, so that both sides are required to
support all possible bit combinations as the final agreed-on key,
and neither side can force the key to be from a smaller space without
help from the other side.

I believe that an IPSEC implementation that deliberately restricts the
key space to be smaller than the documented key space should not
qualify as being compatible with the IPSEC standards.  This might
require some specific wording in the final standards, if the
working group agrees.

	John Gilmore
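
An added example, not part of the original message: a conformance check for the failure mode described above, where a product claims 56-bit CBC-DES keys but draws them from a smaller space or reuses one key. It samples a key generator and counts how many of the 56 non-parity bits ever change and how many distinct keys appear; it catches fixed bits and repeated keys, not keys expanded from a small hidden seed. The generators, names and the mask are constructed for illustration.

```python
import secrets

MASK64 = (1 << 64) - 1
PARITY = 0x0101010101010101  # low bit of each DES key byte is parity, not key material


def audit_keygen(keygen, samples=2000):
    """Sample `keygen`; return (varying effective bits, distinct effective keys)."""
    seen_one = seen_zero = 0
    distinct = set()
    for _ in range(samples):
        key = keygen()
        if len(key) != 8:
            raise ValueError("DES keys are 8 bytes")
        v = int.from_bytes(key, "big") & ~PARITY & MASK64  # drop parity bits
        seen_one |= v                # positions observed as 1 at least once
        seen_zero |= ~v & MASK64     # positions observed as 0 at least once
        distinct.add(v)
    varying = seen_one & seen_zero & ~PARITY
    return bin(varying).count("1"), len(distinct)


def conforms(keygen, samples=2000):
    """True only if all 56 effective bits vary and no key repeats in the sample."""
    bits, distinct = audit_keygen(keygen, samples)
    return bits == 56 and distinct == samples


# --- Constructed generators standing in for implementations under test ---
def honest_keygen():
    return secrets.token_bytes(8)


WEAK_MASK = bytes.fromhex("00003fffffffffff")  # hypothetical: forces 16 key bits to 0


def weakened_keygen():
    raw = secrets.token_bytes(8)
    return bytes(a & b for a, b in zip(raw, WEAK_MASK))


def constant_keygen():
    return bytes.fromhex("0123456789abcdef")  # same key for every peer


if __name__ == "__main__":
    for gen in (honest_keygen, weakened_keygen, constant_keygen):
        print(gen.__name__, audit_keygen(gen), conforms(gen))
```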

