[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: 40bit DES?
Actually it doesn't hurt my organization at all, since we are a Canadian
corporation and we can export 56-bit DES without key-recovery to almost
anywhere. I am just thinking about all those poor US companies that
will not be able to export IPSec due to the US's export laws. I agree
with you about the severity of the situation for American (and Canadian)
organizations, but I disagree using US based IPSec companies as martyrs.
We have to ask ourselfs if we wish to use IPSec as a vehicle to change
the US government's export laws, or do we wish to make a PROTOCOL. I
vote for making an interoperable protocol. There must be other ways to
get the US gov to changes its export laws.
> -----Original Message-----
> From: Perry E. Metzger [mailto:perry@piermont.com]
> Sent: Tuesday, May 12, 1998 5:22 PM
> To: Roy Pereira
> Cc: perry@piermont.com; jim@mentat.com; chk@utcc.utoronto.ca;
> rgm-sec@htt-consult.com; ipsec@tis.com
> Subject: Re: 40bit DES?
>
>
>
> Roy Pereira writes:
> > blah, blah, blah..... Regardless of what your opinion is,
> in the real
> > world we are forced with export issues. Sure 40-bit DES
> isn't secure,
> > but it sure is a lot better than no encryption or not
> having any sales?
>
> Huh?
>
> 40 bit DES *is* having no encryption. Its got only one legitimate
> function -- it will slow your computer down. What's the point?
>
> Not having any sales is the vendor's problem, not the customer's. The
> choice is not "no encryption or 40 bit DES". It is "no encryption or
> buy from a company like SSH Communcations Security Oy". The mere fact
> that VENDORS are harmed by this doesn't harm CUSTOMERS. End users get
> to buy from whom they want.
>
> > Its time to move from the theoretical to the practical. I
> can dream of
> > a day when we all live together in harmony with world
> peace, but reality
> > dictates something else, doesn't it?
>
> Reality is that customers get to buy from overseas vendors. I'm sorry
> if this hurts you as a U.S. vendor. Go and get your lobbyist
> working. This doesn't inconvenience me as a user. Just
> because the NSA
> is pushing job exports doesn't mean you can't go and push for crypto
> exports.
>
> Perry
>
Follow-Ups: