
Re: ESP revisions straw poll



Bill,

	Perhaps I wasn't clear enough in my message.  Let me try to restate
my position, which may not be different from yours, but which seemed to be
at odds with some of the previous messages:

	- AH and ESP are both (U.S.) export controlled, because they employ
crypto
	- AH, because it does not provide confidentiality (encryption) and
because the algorithms mandated for support are hash/MAC algorithms, should
be exportable under commodity jurisdiction license, which is relatively
easy to get.   Source code may be exportable (not just object code), but
that's always a bit trickier.
	- ESP, with mandatory support for DES encryption, is much more
strictly export controlled.  Under current practice, unless there is a
facility for key recovery, or credible plans in place for such, it will be
very difficult to export an ESP implementation (even in object code form),
and source code is definitely a problem.  Adding other (e.g., weaker)
algorithms doesn't help with export, so long as a 56-bit DES is part of the
package, as is currently required for ESP compliance.  Adding another
protocol feature, such as encryptionless ESP, will not make export any
harder, nor any easier.

Steve



