[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 3DES with 40-bit key?

At 05:06 PM 3/29/99 +0300, Juha Heinanen wrote:
>Ari Huttunen writes:

(Ignoring the nontechnical issues, like Wassenar and how you
plan on getting 40bit watered-down 3des export approved...)

If you use proper negotiated values in IKE, then you are shipping a
"conforming" implementation in that you're being clear about what you're
negotiation.  In other words, you could, for example, ship a product
that used one of the private values for your own (hacked, nonstandard,
non-safe) 40-bit 3des variant.  It would not interoperate with others,
but it would honestly represent itself as to what ciphers it was or
was not using. If you don't implement the must-to-implement IPsec
cipher(s) as defined at the time of shipment (des, 3des, des-x, whatever),
then of course you'd not be able to interoperate with someone who DID
implement the must-to-implement set.  So you'd get away with this in the
cold cruel commercial world, where people often purchase matched sets
of boxes from one single vendor.