Great Circle Associates Firewalls
(July 1995)
 


Subject: Re: Firewalls-Digest V4 #399
From: "Kare Presttun" <Kare . Presttun @ ansf . alcatel . fr>
Organization: Alcanet International
Date: Thu, 6 Jul 1995 11:03:10 +0200
To: Firewalls @ GreatCircle . COM
Priority: normal
Reply-to: Kare . Presttun @ ansf . alcatel . fr

> 
> From: "Simon J. Gerraty" <sjg @ zen . void . oz . au>
> Date: Thu, 6 Jul 1995 14:33:53 +1000
> Subject: Re: controlling FTP transfers 
> 
> > 	 Should we all be doing cryptographic authentication on a
> > 	 per-packet basis?  This way, I have to break an MD5 key.  --
> > 
> > You got it.
> 
> Yes indeed, but how are we ever going to standardize?
> 
> The U.S. is not the only country with restrictive laws about encryption tech.
> Unless of course the encryption is so weak as to be useless.
> 
You may use and export authentication and integrity mechanisms 
everywhere, even strong ones. The stupid thing often seen is that
these functions are implemented using a confidentiality function,
and that's where the problem starts. Using MD5 should not be a
problem; you may even use DES if you run it in MAC mode and your
implementation is hard to misuse to do DES encryption. If you want
confidentiality you have to limit it to a 40-bit key if you want 
to use and export it everywhere. The strength of a 40-bit key was
discussed here some weeks ago.

> The net result is that we all have to re-invent wheels that have
> little or no chance of ever interworking.   I've hacked encryption
> back into telnet, but with all the previous TELOPT_ENCRYPTION code
> removed I'm 101% sure my implementation is incompatible... (so I used
> a different option number).
> 
> Anyone know how IPng are tackling this?  
> 
> Or is everyone hoping the Phil Zimmermann case and the RSA T-shirt will
> force a change to the laws?
> 
> - --sjg
> 
> ------------------------------
Kare
----------------------------------------------------------
| Kare Presttun                    Alcanet International |
| Tel: +33 1 4058 5614             33, rue Emeriau       |
| Fax: +33 1 4058 5945             F-75015 Paris         |
| Kare . Presttun @ ansf . alcatel . fr    FRANCE                |
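
Added example, not part of the original message or thread: a per-packet authentication scheme of the kind discussed above, where each packet carries a keyed integrity tag and the payload is never encrypted. It uses HMAC-SHA-256 from the Python standard library in place of the keyed MD5 mentioned in the thread; the packet layout, the names `seal` and `Receiver`, and the sample key and payload are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32                # HMAC-SHA-256 tag size in bytes
HDR = struct.Struct("!Q")   # assumed layout: 64-bit big-endian sequence number


def seal(key: bytes, seq: int, payload: bytes) -> bytes:
    """Build seq || payload || tag. The payload is sent in the clear."""
    body = HDR.pack(seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    """Checks each packet's tag, then rejects replays.

    Simplification: sequence numbers must strictly increase, so reordered
    packets are dropped as well as replayed ones.
    """

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1

    def open(self, packet: bytes) -> bytes:
        if len(packet) < HDR.size + TAG_LEN:
            raise ValueError("packet too short")
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Constant-time comparison, and verify before trusting any field.
        if not hmac.compare_digest(tag, expected):
            raise ValueError("bad tag")
        (seq,) = HDR.unpack_from(body)
        if seq <= self.last_seq:
            raise ValueError("replayed or out-of-order packet")
        self.last_seq = seq
        return body[HDR.size:]


if __name__ == "__main__":
    key = b"constructed-demo-key-not-secret!"   # constructed sample key
    rx = Receiver(key)
    pkt = seal(key, 1, b"RETR report.txt")      # constructed sample payload
    print(b"RETR report.txt" in pkt)            # payload is readable on the wire
    print(rx.open(pkt))
```

The tag covers the sequence number as well as the payload, so neither can be altered without the key, while an observer can still read the payload: authentication and integrity without a confidentiality function.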
