[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: 40bit DES?
> >Very good point. Just to stress: the cryptographic strength of the
> >algorithms in IKE has nothing to do with the strength of the data
> >encryption. It only determines the level of confidence in the
> >authenticity and secrecy of the agreed key (however long or short it
> >chooses to be). No reason to weaken that.
> >
> Actually there appears to be a reason. there are vendors have problems
> with getting export license for IKE, too strong.
>
> Sigh.
yes, i've heard. thats indeed too bad, and should be taken into account.
my point was technical: from a cryptographic point of view there is
no real reason to prohibit strong key-exchange, if the ESP then uses weak
encryption. For instance, weak IKE will also, and unnecessarily so, result
in weak AH...
>
> Keep in mind, that I am working as hard as possible to have as many
> countries producing their own IPsec products.
>
>
> Robert Moskowitz