
Re: IPSEC WORKING GROUP LAST CALL



> I removed "someone"'s name because I don't want them to think the
> following targets them specifically. It is directed not at particular
> people but at the notion of ciphers with inadequate key lengths being
> standardized, even in the "sheep's clothing" of variable length
> ciphers that permit inadequate lengths.
> 
> <flame height="empire state building" heat="5000 degrees k">

Ahh, yeah, right. Add a "disclaimer" and gratuitous embedded pseudo-html
and it's ok to be a prick? I think not. 

> You argue "hey, some of us have to make a living". Well, do it in a
> less damaging way -- sell CD-ROM encyclopedias door to door or
> something.  If you insist on selling your customers junk -- and 40 bit
> encryption is *junk* -- please do not ask the rest of us to endorse
> your mechanism with the imprimatur of the IETF. The last thing I want
> on earth is to see such a box sold with a brochure advertising its
> compliance with RFC YYYY. Find a better way of marketing the
> antifreeze you propose selling as booze to the third world
> natives. You don't need an RFC number to do that.

Hey, screw you! What do you _produce_ anyway? We sell what we are permitted
by law and so do you, it's just that you sell advice. If someone wants 3DES 
for their router we'll be happy to sell it. If they want crap we'll also be 
happy to sell that. We are just bound by the laws of this country. It's
easy to be righteously indignant when it doesn't affect you and since your
"product" is not affected by this you don't think twice before you rise
to the occasion. Bully for you.

For your information, we are permitted to export single DES so this whole 
40bit nonsense does not affect me. I'm trying to forge a compromise and am 
sympathetic to people who may not have a job because their company can't 
make enough money in a domestic market alone. I don't have that worry; our 
domestic sales would be enough even if we didn't have export approval for
single DES.

Unfortunately some people love to hear the sound of their own voice even
if it's in email. Get off your soapbox, asshole. Nobody's asking for The 
Imprimatur of the IETF. And who really cares what you want to see anyway?

> Oh, and if any vendor does go through the exercise of selling such a
> thing, I suspect that software will be widely distributed on the net
> to help even unskilled teenage crackers break the "encryption"[sic]
> without having to know what they are doing. I suspect that because if
> no one else does I'll write it and distribute it myself. A false sense
> of security is worse than no security.

Vendors already sell such a thing (40bit DES obfuscation products). Put up 
or shut up. I hope this is more imaginative (and faster) than simple brute 
force. In any event, I'm waiting.

  Dan.


