[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 40bit DES?

To: jim@mentat.com (Jim Gillogly), chk@utcc.utoronto.ca
Subject: Re: 40bit DES?
From: Robert Moskowitz <rgm-sec@htt-consult.com>
Date: Tue, 12 May 1998 15:10:15 -0400
Cc: ipsec@tis.com
In-Reply-To: <9805121759.AA17332@mentat.com>
Sender: owner-ipsec@ex.tis.com

At 10:59 AM 5/12/98 PDT, Jim Gillogly wrote:
>> >> there seems to be 3 things needed for 'US exportable' IPsec:
>> >> 
>
>Tell me again why we want it?  We already have the NULL ESP algorithm,
>which provides a proof of concept of the framework without providing
>security.  Another such algorithm would seem to be overkill.
>
>Again -- our job is to provide a technical spec to allow people to
>communicate securely.  If we compromise it so that the lowest common
>denominator is insecure, we're wasting our time.
>
Sigh.  I would rather not do this.  In fact "I" will not.  Some vendor(s)
out there that decide they need this in their product will submit the
technique as an informational RFC.  The workgroup will be asked to review
it per POISED proceedures.  We SHOULD be able to state that it does not
break the protocol, but to say that it is secure, read RFC 1984...

Dumbed down IPsec will not be in the re-charter.  It does not have to be in
the charter at this point.


Robert Moskowitz
ICSA
Security Interest EMail: rgm-sec@htt-consult.com

References:

Re: 40bit DES?

From: jim@mentat.com (Jim Gillogly)

Prev by Date: Re: Some questions
Next by Date: Re: 40bit DES?
Prev by thread: Re: 40bit DES?
Next by thread: Re: 40bit DES?
Index(es):
- Main
- Thread