> On Aug 12, 2015, at 10:31 PM, Harald Alvestrand <harald@xxxxxxxxxxxxx> wrote: > > Den 13. aug. 2015 01:31, skrev Roy T. Fielding: >>> On Aug 12, 2015, at 2:49 PM, Harald Alvestrand <harald@xxxxxxxxxxxxx> wrote: >>> >>> On 08/12/2015 11:02 PM, Roy T. Fielding wrote: >>>> The reason I read it that way is because, in fact, none of the protocols >>>> we developed at that time actually required strong cryptography. They >>>> just assumed you would layer the right amount of cryptography underneath, >>>> using one of the (at that time) non-IETF security protocols with appropriate >>>> patent and export licensing. >>> I was in the room at the Danvers plenary, and that was not the >>> impression I got. >>> In particular, at that time many people believed very strongly that >>> IPSEC, an IETF protocol, would be THE most useful tool for achieving >>> security, once it was finished. >> >> Yes, certainly. But, IPsec didn't require strong encryption be used; >> it required an MTI algorithm of 56bit DES-CBC. IPsec had algorithm and >> key length options, like everything else at the time. > > At that time, 56bit DES-CBC was considered strong per the export rules. > What we were fighting against was 40bit RC4. MTI algorithms (when not ignored) impact export control of the software, not actual use. If the powers that be said "you can't use more than 40bit keys when communicating across borders", then nothing the IETF required would have gone against it. IPsec allowed 40bit RC4. It still would have been stupid and steadfastly ignored by most people, but that's how we worked around the stupid. ....Roy