[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 40bit DES?

To: Ran Canetti <canetti@watson.ibm.com>, chk@utcc.utoronto.ca
Subject: Re: 40bit DES?
From: Robert Moskowitz <rgm-sec@htt-consult.com>
Date: Wed, 13 May 1998 00:04:15 -0400
Cc: ipsec@tis.com
In-Reply-To: <9805122209.AA30010@ornavella.watson.ibm.com>
Sender: owner-ipsec@ex.tis.com

At 06:09 PM 5/12/98 -0400, Ran Canetti wrote:
>> > there seems to be 3 things needed for 'US exportable' IPsec:
>> > 
>> > A 40bit DES ESP algorithm
>> > A 40bit DES for IKE
>> > A 512 modulus for D-H
>> > 
>> > All three items handled by one draft might be called:
>> 
>> Only the first entry is required. You can leave the IKE encryption and D-H
>> moduli (and RSA key strengths) at their normal, standard levels.
>> 
>Very good point. Just to stress: the cryptographic strength of the 
>algorithms in IKE has nothing to do with the strength of the data
>encryption. It only determines the level of confidence in the 
>authenticity and secrecy of the agreed key (however long or short it 
>chooses to be). No reason to weaken that.
>
Actually there appears to be a reason.  there are vendors have problems
with getting export license for IKE, too strong.

Sigh.

Keep in mind, that I am working as hard as possible to have as many
countries producing their own IPsec products.


Robert Moskowitz
ICSA
Security Interest EMail: rgm-sec@htt-consult.com

Follow-Ups:

Re: 40bit DES?

From: Paul Koning <pkoning@xedia.com>

References:

Re: 40bit DES?

From: Ran Canetti <canetti@watson.ibm.com>

Prev by Date: Re: Fwd: Re: Some questions
Next by Date: liability for selling bad crypto?
Prev by thread: Re: 40bit DES?
Next by thread: Re: 40bit DES?
Index(es):
- Main
- Thread