Export of Weak Crypto Rathole....

["Theodore Y. Ts'o" <tytso@MIT.EDU>]

May I suggest to all concerned that we table this discussion of weak
crypto?  We've had this discussion many times before in the past, and I
doubt it's profitable for us to have this discussion again. 

The task before us is to get the current core set of IPSEC documents out
as Internet Standards.  Support of export-grade "cryptography" was not
in the scope of the original IPSEC drafts, and I don't believe this is
time to add additional optional algorithms.  There will be plenty of
time to debate the merits of additional optional algorithms after we get
the core documents out.  I am not singling out export grade crypto with
this statement; I've made similar statements about the RIPEMD hash
algorithm.

If we have general concensus that draft-ietf-ipsec-ciph-cbc-01.doc
(which includes 3DES) is ready, then I'm not opposed to sending it to
the IESG along with everything else, since it will avoid needing to rip
out a lot of references from the DOI.  However, now is not the right
time to add new crypto algorithms, such as 112-bit 3DES, or 40 bit DES.
So why don't we table this discussion for now?  We can take that up
after we get the core drafts out.

							- Ted

---

Follow-Ups:

• Re: Export of Weak Crypto Rathole....
• From: Helger Lipmaa <helger@ioc.ee>

---

• Prev by Date: Re: IPSEC WORKING GROUP LAST CALL
• Next by Date: RE: IPSEC WORKING GROUP LAST CALL
• Prev by thread: Multiple Phase 1 Channels between hosts?
• Next by thread: Re: Export of Weak Crypto Rathole....
• Index(es):
  • Main
  • Thread