--- begin forwarded text To: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: linux-ipsec: US Justice Dept punting DES in favor of 3DES VPN Date: Wed, 25 Aug 1999 20:22:14 -0700 From: John Gilmore <[EMAIL PROTECTED]> Sender: [EMAIL PROTECTED] In order to use anything stronger than DES in the government, agencies have to publish a waiver in the Federal Register. The US Attorneys, who are trying to criminalize strong encryption (for everyone except themselves), were forced to publish that they're moving up to a 3DES VPN. I wonder if they're using our code? :-) John http://jya.com/doj081899.txt 19 August 1999. TTMF. Source: http://www.access.gpo.gov/su_docs/aces/aaces002.html ----------------------------------------------------------------------- [Federal Register: August 18, 1999 (Volume 64, Number 159)] [Notices] [Page 44945] >From the Federal Register Online via GPO Access [wais.access.gpo.gov] [DOCID:fr18au99-89] ----------------------------------------------------------------------- DEPARTMENT OF JUSTICE Executive Office for U.S. Attorneys [Docket No. 97592] Waiver of the Data Encryption Standard; Federal Information Processing Standards Publication (FIPS) 46-2; ``Data Encryption Standard (DES)'' AGENCY: Executive Office for U.S. Attorneys, Department of Justice. ACTION: Notice. ----------------------------------------------------------------------- SUMMARY: The Federal Information Processing Standards Publication (FIPS) 46-2 entitled ``Data Encryption Standard (DES)'' requires that a notice be published in the Federal Register whenever a waiver to the DES standard is approved. DATES: The waiver was approved on June 9, 1999. ADDRESSES: U.S. Department of Justice, Executive Office for U.S. Attorneys, 600 E Street N.W., Suite 6004, Washington, DC 20530. FOR FURTHER INFORMATION CONTACT: Harvey Press (202) 616-6442. SUPPLEMENTARY INFORMATION: FIPS 46-2 ``Data Encryption Standards (DES)'' requires a notice be published in the Federal Register whenever a waiver is granted. The Executive Office for U.S. Attorneys (EOUSA) of the Department of Justice (DOJ), because of our concerns that single DES has been shown vulnerable to attack, we intend to utilize Triple DES. Therefore, the EOUSA, to provide stronger security, will utilize Triple DES as its encryption algorithms for its Virtual Private Network (VPN)/firewall implementation. Harvey Press, Assistant Director for Telecommunication and Technical Development Staff. [FR Doc. 99-21367 Filed 8-17-99; 8:45 am] BILLING CODE 4410-07-M --- end forwarded text ----------------- Robert A. Hettinga <mailto: [EMAIL PROTECTED]> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'