nanog mailing list archives

Re: ssh access to cisco and "unfriendlies"


From: Jim Mercer <jim () reptiles org>
Date: Thu, 23 Nov 2000 12:06:02 -0500


On Thu, Nov 23, 2000 at 05:53:11PM +0100, theo wrote:
>> however, it is my understanding that IPSec will require 3des.  so, while
>> i can have quasi-encrypted config access, i can't use the new and improved
>> VPN technology without 3des.
>
> hmmm, I think you can still run ipsec tunnels with des only. But still
> the argument counts that you are not using the latest encryption technology.

i have no interest in using the latest crypto gunge in "restricted" countries.

i would like to 3des enable my local (canadian) routers, so that i can use
3des with my canadian/US/UK customers.

>> i wonder if uunet/teleglobe/cable-and-wireless have gotten special
>> permission to run 3des capable routers on their networks.  i'm sure
>> that all three are supplying network services to countries not on
>> that list.
>
> very good question. My interpretation of the licence agreement is that
> they can do so in the "listed" countries *only* but not in the rest.

my interpretation is that they can't use it in their enterprise if they
are providing "network services" with countries _not_ listed.

> I still don't understand though how others (some unix os for
> example) ship 3des with public domain software.

my understanding is that the various unix OS's use crypto gunge that was
developed outside the US, or which the US has deemed ok-for-export.

there is another element, which was the patent on the RSA stuff, which has
now expired.

-- 
[ Jim Mercer                 jim () reptiles org              +1 416 410-5633 ]
[          Reptilian Research -- Longer Life through Colder Blood          ]
[  Don't be fooled by cheap Finnish imitations; BSD is the One True Code.  ]


