
Re: 40bit DES?




Jim Gillogly writes:
> > >> there seems to be 3 things needed for 'US exportable' IPsec:
> > >> 
> > >> A 40bit DES ESP algorithm

> Tell me again why we want it?  We already have the NULL ESP algorithm,
> which provides a proof of concept of the framework without providing
> security.  Another such algorithm would seem to be overkill.
> 
> Again -- our job is to provide a technical spec to allow people to
> communicate securely.  If we compromise it so that the lowest common
> denominator is insecure, we're wasting our time.

Indeed, DES with 56 bits isn't secure. With 40 bits, you are wasting
the time of your customers. I've said it before and I'll say it again
-- selling 40-bit cryptography to your customers, even if they ask for it,
is like selling patent medicine to a cancer patient -- it's more or
less fraud. Even IBM doesn't pretend CDMF provides any security at
all -- thus the name.

If the U.S. Congress wants to hand your customers over to SSH and
other overseas companies selling crypto software, complain to
Congress, not the IETF. Anyone who wants to can buy compliant code,
and if they can't buy it from you because you are "locationally
challenged", that's between you and your congressman, and frankly,
most of the companies complaining have more than enough money to go
out and lobby.

Perry

