Re: IPSEC WORKING GROUP LAST CALL

[Daniel Harkins <dharkins@cisco.com>]

As Bob said, how to weaken the key is well known but I figured a CBC-MAC
was well known and that apparently is not the case. We need documents
describing things and there is no document describing "40 bit DES" (maybe
there's some weird gov't document that I'm not aware of). Since DES does 
not use a variable length key-- "40 bit DES" uses and 8 byte key the same 
as "56 bit DES"-- it is not appropriate to negotiate DES with the key length 
attribute set to 40. So I think "40 bit DES" is out.

Perhaps a compromise between the two camps is to add another document to 
the pile that will allow people who happen to live in a country with export
regulations to export an IPSec implementation. That would be some document
that describes a variable length cipher, which means RC4 or Blowfish.
Personally, I'd prefer Blowfish.

How does this sound? We (the IPSec WG) are not tacitly endorsing this
insane policy our gov't (and Israel's gov't and Russia's gov't and France's
gov't and .... ) has, yet we're giving people whose livelihood depends on 
being able to sell product to continue to be gainfully employed and producing
something useful and secure (in addition to the weak exportable product). 

  Dan.

---

Follow-Ups:

• Re: IPSEC WORKING GROUP LAST CALL
• From: "Perry E. Metzger" <perry@piermont.com>

---

• Prev by Date: Re: IPSEC WORKING GROUP LAST CALL
• Next by Date: RE: IPSEC WORKING GROUP LAST CALL
• Prev by thread: Re: IPSEC WORKING GROUP LAST CALL
• Next by thread: Re: IPSEC WORKING GROUP LAST CALL
• Index(es):
  • Main
  • Thread