[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPSEC WORKING GROUP LAST CALL




Rob Adams writes:
> We need a 40 bit DES description which defines how to weaken the key.
> And we need a transform number.

If people want to define time-wasting latency-adding protocols that
add no security, they shouldn't do it under IETF security area
auspices. A 40 bit key is literally worthless. It provides no security
even against anyone with any intelligence, it provides the illusion of
security without adding any (which is often worse than no security at
all), and it reduces your performance by eating CPU for no purpose.

I strongly feel the IETF should do *nothing* to encourage the use of
40 bit keys. If the U.S. government wants to pull a horrible hoax on
its citizens and pretend they have any legitimate purpose whatsoever,
they should do it without us helping.


Perry


References: