Re: Wired query on Windows 2000 and DES/3DES

[Declan McCullagh <declan@wired.com>]

I just got off the phone with MS.

* They say the "feature" is reasonably well-documented, and that the 3DES 
crypto comes on a sep. disk/CDROM in all W2K installations, not just U.S.

* They say it's possible to configure a W2K box to use 3DES *only* and it 
will *not* drop down. I suspect this is not the default, but I didn't think 
to ask.

* They say it's for remote ease-of-maintenance: "if i misconfigured a 
system, rather than having to travel out to that machine to fix it or 
rather than having that machine be completely in the clear, what we did was 
use the highest level of encryption that we could export and import into 
the country. what we did was leave it in a state that could be managed."

* They say their customers like it: "no one has disputed this or questioned 
this. clearly the customers must think this is a proper approach, rather 
than some people who come from a philosophical background that you manage 
policy from the end system and not the directory."

Any thoughts? I'm writing my article now.

-Declan

---

Follow-Ups:

• Re: Wired query on Windows 2000 and DES/3DES
• From: "Michael H. Warfield" <mhw@wittsend.com>
• Re: Wired query on Windows 2000 and DES/3DES
• From: Michael Richardson <mcr@sandelman.ottawa.on.ca>

---

• Prev by Date: RE: Windows 2000 and Cicsco router interoperability
• Next by Date: RE: Win2k IKE
• Prev by thread: RE: Wired query on Windows 2000 and DES/3DES
• Next by thread: Re: Wired query on Windows 2000 and DES/3DES
• Index(es):
  • Main
  • Thread