[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Wired query on Windows 2000 and DES/3DES
I just got off the phone with MS.
* They say the "feature" is reasonably well-documented, and that the 3DES
crypto comes on a sep. disk/CDROM in all W2K installations, not just U.S.
* They say it's possible to configure a W2K box to use 3DES *only* and it
will *not* drop down. I suspect this is not the default, but I didn't think
to ask.
* They say it's for remote ease-of-maintenance: "if i misconfigured a
system, rather than having to travel out to that machine to fix it or
rather than having that machine be completely in the clear, what we did was
use the highest level of encryption that we could export and import into
the country. what we did was leave it in a state that could be managed."
* They say their customers like it: "no one has disputed this or questioned
this. clearly the customers must think this is a proper approach, rather
than some people who come from a philosophical background that you manage
policy from the end system and not the directory."
Any thoughts? I'm writing my article now.
-Declan
Follow-Ups: