[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Win2000 IKE and 3des
>>>>> "Sumi" == Sumi Singh <sumis@Exchange.Microsoft.com> writes:
Sumi> Just to clarify the behaviour of Windows 2000 - Windows 2000
Sumi> weakens 3DES policy to DES if you do not have the strong
Sumi> encryption pack (128-bit) installed. This weakening is
Sumi> announced by an event in the Audit log. So if you have 2 peers
Sumi> with no encryption pack installed, and a policy to use 3DES,
Sumi> they will talk DES since they cannot do 3DES.
Clearly that's a major design error.
If you ask for something that's not supported, it should be rejected.
To change it (even with a message in some obscure log) is clearly
wrong. You don't build secure systems that way.
paul
References: