[3885] in cryptography@c2.net mail archive
RE: Triple DES "standard"?
daemon@ATHENA.MIT.EDU (Trei, Peter)
Fri Jan 1 00:02:30 1999
From: "Trei, Peter" <ptrei@securitydynamics.com>
To: "'salzr@certco.com'" <salzr@certco.com>, "'Vin McLellan'" <vin@shore.net>
Cc: Cryptography@c2.net
Date: Thu, 31 Dec 1998 11:39:56 -0500
> -----Original Message-----
> From: salzr@certco.com [SMTP:salzr@certco.com]
>
> > A couple years ago, when the X9 committee -- or maybe one of the X9
> > crypto subcommittees -- rejected that advice and initially recommended
> > that 3DES be made a standard, I was told that the NSA rep angrily
> > declared that 3DES would _never_ get an export license and would never
> > be shipped overseas. (Which may have put a damper on the 3DES
> > standardization effort;-)
>
> I heard the same story, but don't recall the source either.
>
> Someone (memory says Phil Karn, but I'm probably wrong) applied for some
> kind of export license and was denied. Interestingly, the form had an
> obviously-newly-added reason appended to the "checklist of reasons for
> denial." The addition was "uses triple-DES."
>
> Trolling through the cypherpunks archives around 12-18 months ago should
> find the story.
> /r$
[Trei, Peter]
I can partially confirm this - a couple of years ago
(at a previous employer) I incorporated SSL into an NT
web server (using SSLeay). The standard version used
3DES to encrypt server private keys for storage on
the server (not for transmission). The NSA initially
refused export permission, based on this feature. I
lowered the bar to single DES, and they were happy.
This was despite the fact that 3DES could *only* be used
to *store* the certificate. The NSA person I spoke to
made it clear that any use of 3DES in any capacity would
result in an automatic refusal.
[The domestic version continued to use 3DES, 1024 bit RSA,
and 128 bit RC4]
Peter Trei
ptrei@securitydynamics.com
[I apologize for the lousy formatting of this message. I
am using a Microsoft mail product.]