[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Win2000 IKE and 3des

To: sumis@Exchange.Microsoft.com
Subject: RE: Win2000 IKE and 3des
From: Paul Koning <pkoning@xedia.com>
Date: Fri, 12 May 2000 16:23:54 -0400 (EDT)
Cc: ipsec@lists.tislabs.com
References: <6A05D00595BE644E9F435BE5947423F2BB557F@fifi.platinum.corp.microsoft.com>
Sender: owner-ipsec@lists.tislabs.com

>>>>> "Sumi" == Sumi Singh <sumis@Exchange.Microsoft.com> writes:

 Sumi> Just to clarify the behaviour of Windows 2000 - Windows 2000
 Sumi> weakens 3DES policy to DES if you do not have the strong
 Sumi> encryption pack (128-bit) installed. This weakening is
 Sumi> announced by an event in the Audit log. So if you have 2 peers
 Sumi> with no encryption pack installed, and a policy to use 3DES,
 Sumi> they will talk DES since they cannot do 3DES.

Clearly that's a major design error.

If you ask for something that's not supported, it should be rejected.
To change it (even with a message in some obscure log) is clearly
wrong.  You don't build secure systems that way.

	paul

References:

RE: Win2000 IKE and 3des

From: "Sumi Singh" <sumis@Exchange.Microsoft.com>

Prev by Date: RE: Win2000 IKE and 3des
Next by Date: RE: Windows 2000 and Cicsco router interoperability
Prev by thread: RE: Win2000 IKE and 3des
Next by thread: Re: Win2000 IKE and 3des
Index(es):
- Main
- Thread