[32493] in North American Network Operators' Group
Re: ssh access to cisco and "unfriendlies"
daemon@ATHENA.MIT.EDU (theo)
Thu Nov 23 11:55:06 2000
Message-ID: <3A1D4B76.2F4A839E@rimail.com>
Date: Thu, 23 Nov 2000 17:53:11 +0100
From: theo <tb@rimail.com>
MIME-Version: 1.0
To: Jim Mercer <jim@reptiles.org>
Cc: nanog@merit.edu
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Errors-To: owner-nanog-outgoing@merit.edu
> however, it is my understanding that IPSec will require 3des. so, while
> i can have quasi-encrypted config access, i can't use the new and improved
> VPN technology without 3des.
>
hmmm, I think you can still run ipsec tunnels with des only. But still the argument
counts that you are not using the latest encryption technology.
>
> imagine my "suprise" (none really) when i got onsite and discovered a number
> of ciscos installed by competitors. (we eventually lost the contract, and
> i'll note that the current supplier is using an all cisco network, inside and
> outside the "restricted" country.
>
> i wonder if uunet/teleglobe/cable-and-wireless have gotten special permission
> to run 3des capable routers on their networks. i'm sure that all three are
> supplying network services to countries not on that list.
very good question. My interpretation of the licence agreement is that they can do
so in the "listed" countries *only* but not in the rest.
In general this is a very sensitive point. People lost their accounts with cisco
when they applied for the software without their companies knowing about that. I
still don't understand though how others (some unix os for example) ship 3des with
public domain software.
--
theo
