Fwd: Re: 40bit DES?

[Rodney Thayer <rodney@sabletech.com>]

I do think people are going to want these weak ciphers.  Whether it's because
of their politics, or because they want clearly useless demo-ware (my favorite
reason) or because their marketing staff don't care as long as the customers
pay money for it, or whatever.  Jim does have a point however, there's a
variety of features in IKE that would allow negotiation of private ciphers,
why
not just let people who want 40 bit DES or 6 bit DES or 504-bit 9DES negotiate
their own thing?  I think we've met the "be architecturally responsible"
criteria by allowing private negotiation.

>Date: Tue, 12 May 98 10:59:44 PDT
>From: jim@mentat.com (Jim Gillogly)
>To: chk@utcc.utoronto.ca, rgm-sec@htt-consult.com
>Subject: Re: 40bit DES?
>Cc: ipsec@tis.com
>Sender: owner-ipsec@ex.tis.com
>
>> >> there seems to be 3 things needed for 'US exportable' IPsec:
>> >> 
>> >> A 40bit DES ESP algorithm
>> >> A 40bit DES for IKE
>> >> A 512 modulus for D-H
>> >> 
>> >> All three items handled by one draft might be called:
>> >
>> >Only the first entry is required. You can leave the IKE encryption and D-H
>> >moduli (and RSA key strengths) at their normal, standard levels.
>> >
>> I have heard of problems with exporting group 1.  Has anyone gotten
>> approval (of course that would prove nothing).
>
>Tell me again why we want it?  We already have the NULL ESP algorithm,
>which provides a proof of concept of the framework without providing
>security.  Another such algorithm would seem to be overkill.
>
>Again -- our job is to provide a technical spec to allow people to
>communicate securely.  If we compromise it so that the lowest common
>denominator is insecure, we're wasting our time.
>
> Jim Gillogly
>

---

• Prev by Date: Re: 40bit DES?
• Next by Date: Re: Some questions
• Prev by thread: Re: Fwd: Re: Some questions
• Next by thread: Fwd: Re: 40bit DES?
• Index(es):
  • Main
  • Thread