RE: Exportable encryption & Kerberos
"Mike Swift (NT)" <mikesw@microsoft.com> Fri, 16 January 1998 18:58 UTC
From: "Mike Swift (NT)" <mikesw@microsoft.com>
To: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Cc: cat-ietf@mit.edu
Subject: RE: Exportable encryption & Kerberos
Date: Fri, 16 Jan 1998 10:58:32 -0800
X-Message-ID:
Message-ID: <20140418005448.2560.82400.ARCHIVE@ietfa.amsl.com>
I agree that the words "domestic" and "exportable" were poor choices - how about "strong" and "weak", so that there are no doubts about what is being offered? I thought about extending the AP request to include additional enc types. However, negotiating both a key & and encryption type at the same time is difficult - the thing to do might be to expand the key in the AP_REQ to be a sequence of keys, and the server replies with they key it chose or its own key. Any support for distinguishing between strong & weak encryption is by its very nature incompatible - clients and servers that only do weak encryption have to fail requests to and from machine that do strong encryption, so extending the AP request structure might be reasonable. - Mike > -----Original Message----- > From: Ken Hornstein [SMTP:kenh@cmf.nrl.navy.mil] > Sent: Tuesday, January 13, 1998 12:07 PM > To: Mike Swift (NT) > Cc: cat-ietf@mit.edu > Subject: Re: Exportable encryption & Kerberos > ... > Maybe the thing to do is make the AP_REQ have an optional list of > enctypes for the server to choose from? > > The only thing I don't like about your proposal is the use of "domestic" > vs "exportable"; as someone else pointed out, this is pretty US-centric. > And what do you do if the law changes? :-) > > --Ken
- Exportable encryption & Kerberos Mike Swift (NT)
- Re: Exportable encryption & Kerberos joes
- RE: Exportable encryption & Kerberos Mike Swift (NT)
- RE: Exportable encryption & Kerberos Mike Swift (NT)