[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: 40bit DES?

To: perry@piermont.com
Subject: RE: 40bit DES?
From: Roy Pereira <rpereira@TimeStep.com>
Date: Tue, 12 May 1998 17:47:00 -0400
Cc: jim@mentat.com, chk@utcc.utoronto.ca, rgm-sec@htt-consult.com, ipsec@tis.com
Sender: owner-ipsec@ex.tis.com

Actually it doesn't hurt my organization at all, since we are a Canadian
corporation and we can export 56-bit DES without key-recovery to almost
anywhere.  I am just thinking about all those poor US companies that
will not be able to export IPSec due to the US's export laws.  I agree
with you about the severity of the situation for American (and Canadian)
organizations, but I disagree using US based IPSec companies as martyrs.

We have to ask ourselfs if we wish to use IPSec as a vehicle to change
the US government's export laws, or do we wish to make a PROTOCOL.  I
vote for making an interoperable protocol.  There must be other ways to
get the US gov to changes its export laws.

> -----Original Message-----
> From: Perry E. Metzger [mailto:perry@piermont.com]
> Sent: Tuesday, May 12, 1998 5:22 PM
> To: Roy Pereira
> Cc: perry@piermont.com; jim@mentat.com; chk@utcc.utoronto.ca;
> rgm-sec@htt-consult.com; ipsec@tis.com
> Subject: Re: 40bit DES? 
> 
> 
> 
> Roy Pereira writes:
> > blah, blah, blah..... Regardless of what your opinion is, 
> in the real
> > world we are forced with export issues.  Sure 40-bit DES 
> isn't secure,
> > but it sure is a lot better than no encryption or not 
> having any sales?
> 
> Huh?
> 
> 40 bit DES *is* having no encryption. Its got only one legitimate
> function -- it will slow your computer down. What's the point?
> 
> Not having any sales is the vendor's problem, not the customer's.  The
> choice is not "no encryption or 40 bit DES". It is "no encryption or
> buy from a company like SSH Communcations Security Oy". The mere fact
> that VENDORS are harmed by this doesn't harm CUSTOMERS. End users get
> to buy from whom they want.
> 
> > Its time to move from the theoretical to the practical.  I 
> can dream of
> > a day when we all live together in harmony with world 
> peace, but reality
> > dictates something else, doesn't it?
> 
> Reality is that customers get to buy from overseas vendors. I'm sorry
> if this hurts you as a U.S. vendor. Go and get your lobbyist
> working. This doesn't inconvenience me as a user. Just 
> because the NSA 
> is pushing job exports doesn't mean you can't go and push for crypto
> exports.
> 
> Perry
>

Follow-Ups:

Re: 40bit DES?

From: "Perry E. Metzger" <perry@piermont.com>

RE: 40bit DES?

From: Mike Eisler <mre@Eng.Sun.Com>

RE: 40bit DES?

From: Helger Lipmaa <helger@cyber.ee>

Prev by Date: Re: 40bit DES?
Next by Date: Re: 40bit DES?
Prev by thread: Re: 40bit DES?
Next by thread: Re: 40bit DES?
Index(es):
- Main
- Thread