> Besides, as the developers of open source software we can hardly
> exercise pressure on our users.
In FreeS/WAN we do. The code we ship only runs secure ciphers in
secure modes. You actually have to know enough to go in and
change the code to run insecurely. (Or, of course, you can get
your IPSEC from a different distribution, in which case you get
what you get and our reputation isn't at stake.)
This caused some grousing and grumbling from the lousy-crypto crowd,
but virtually all the real users found that, hmm, indeed if they asked
their other vendors for 3DES instead of DES, hmm, it was available.
So now they're all running 3DES VPNs instead of DES VPNs.
FreeS/WAN may have a lot fewer users than OpenSSL does, though; we guess
the number is in the hundreds, not the thousands. We're only on the
1.0 release.
John
- Re: so why is IETF stilling adding DES to proto... William H. Geiger III
- Re: so why is IETF stilling adding DES to p... Tom Weinstein
- Re: so why is IETF stilling adding DES ... James A. Donald
- Re: so why is IETF stilling adding ... Adam Shostack
- write code outside US (Re: so why is IE... Adam Back
- Re: write code outside US (Re: so w... Tom Weinstein
- Re: write code outside US (Re: so w... Sameer Parekh
- Re: so why is IETF stilling adding DES ... Eivind Eklund
- Re: so why is IETF stilling adding DES ... Bodo Moeller
- Re: so why is IETF stilling adding DES to proto... Ulf M�ller
- Re: so why is IETF stilling adding DES to p... John Gilmore
- Re: so why is IETF stilling adding DES ... Nelson Minar
- Padlock Size was Re: so why is IETF... Steve Mynott
- Re: Padlock Size was Re: so wh... Tom Weinstein
- Re: Padlock Size was Re: so wh... Dan Geer
- Re: so why is IETF stilling adding DES to p... Adam Shostack
- Re: so why is IETF stilling adding DES to protocols?... Adam Back
- RE: so why is IETF stilling adding DES to proto... Phill Hallam-Baker
- Re: so why is IETF stilling adding DES to p... Bodo Moeller
