On Aug 12, 2015, at 10:31 PM, Harald Alvestrand
<harald(_at_)alvestrand(_dot_)no> wrote:
Den 13. aug. 2015 01:31, skrev Roy T. Fielding:
On Aug 12, 2015, at 2:49 PM, Harald Alvestrand
<harald(_at_)alvestrand(_dot_)no> wrote:
On 08/12/2015 11:02 PM, Roy T. Fielding wrote:
The reason I read it that way is because, in fact, none of the protocols
we developed at that time actually required strong cryptography. They
just assumed you would layer the right amount of cryptography underneath,
using one of the (at that time) non-IETF security protocols with
appropriate
patent and export licensing.
I was in the room at the Danvers plenary, and that was not the
impression I got.
In particular, at that time many people believed very strongly that
IPSEC, an IETF protocol, would be THE most useful tool for achieving
security, once it was finished.
Yes, certainly. But, IPsec didn't require strong encryption be used;
it required an MTI algorithm of 56bit DES-CBC. IPsec had algorithm and
key length options, like everything else at the time.
At that time, 56bit DES-CBC was considered strong per the export rules.
What we were fighting against was 40bit RC4.
MTI algorithms (when not ignored) impact export control of the software,
not actual use. If the powers that be said "you can't use more than 40bit
keys when communicating across borders", then nothing the IETF required
would have gone against it. IPsec allowed 40bit RC4. It still would have
been stupid and steadfastly ignored by most people, but that's how we
worked around the stupid.
....Roy