Re: ssh access to cisco and "unfriendlies"

[theo <tb () rimail com>]

> however, it is my understanding that IPSec will require 3des.  so, while
> i can have quasi-encrypted config access, i can't use the new and improved
> VPN technology without 3des.

hmmm, I think you can still run ipsec tunnels with des only. But still the argument
counts that you are not using the latest encryption technology.

> imagine my "suprise" (none really) when i got onsite and discovered a number
> of ciscos installed by competitors.  (we eventually lost the contract, and
> i'll note that the current supplier is using an all cisco network, inside and
> outside the "restricted" country.
>
> i wonder if uunet/teleglobe/cable-and-wireless have gotten special permission
> to run 3des capable routers on their networks.  i'm sure that all three are
> supplying network services to countries not on that list.

very good question. My interpretation of the licence agreement is that they can do
so in the "listed" countries *only* but not in the rest.

In general this is a very sensitive point. People lost their accounts with cisco
when they applied for the software without their companies knowing about that. I
still don't understand though how others (some unix os for example) ship 3des with
public domain software.

--
theo