Den 13. aug. 2015 01:31, skrev Roy T. Fielding: >> On Aug 12, 2015, at 2:49 PM, Harald Alvestrand <harald@xxxxxxxxxxxxx> wrote: >> >> On 08/12/2015 11:02 PM, Roy T. Fielding wrote: >>> The reason I read it that way is because, in fact, none of the protocols >>> we developed at that time actually required strong cryptography. They >>> just assumed you would layer the right amount of cryptography underneath, >>> using one of the (at that time) non-IETF security protocols with appropriate >>> patent and export licensing. >> I was in the room at the Danvers plenary, and that was not the >> impression I got. >> In particular, at that time many people believed very strongly that >> IPSEC, an IETF protocol, would be THE most useful tool for achieving >> security, once it was finished. > > Yes, certainly. But, IPsec didn't require strong encryption be used; > it required an MTI algorithm of 56bit DES-CBC. IPsec had algorithm and > key length options, like everything else at the time. At that time, 56bit DES-CBC was considered strong per the export rules. What we were fighting against was 40bit RC4.