[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 40bit DES?



> >> there seems to be 3 things needed for 'US exportable' IPsec:
> >> 
> >> A 40bit DES ESP algorithm
> >> A 40bit DES for IKE
> >> A 512 modulus for D-H
> >> 
> >> All three items handled by one draft might be called:
> >
> >Only the first entry is required. You can leave the IKE encryption and D-H
> >moduli (and RSA key strengths) at their normal, standard levels.
> >
> I have heard of problems with exporting group 1.  Has anyone gotten
> approval (of course that would prove nothing).

Tell me again why we want it?  We already have the NULL ESP algorithm,
which provides a proof of concept of the framework without providing
security.  Another such algorithm would seem to be overkill.

Again -- our job is to provide a technical spec to allow people to
communicate securely.  If we compromise it so that the lowest common
denominator is insecure, we're wasting our time.

	Jim Gillogly


Follow-Ups: