John,
Thanks for the info.
> Currently, 40-bit DES-like privacy would be exportable, and soon full
> DES will be exportable provided it's coupled with mandatory key-escrow
> (the detailed escrow requirements are still unclear).
Full DES with mandatory key-escrow is a weaker type of privacy, isn't it?
> We have no
> current plans to implement either of these options. Do you have a
> business need for a weaker type of privacy that might be satisfied by
> either option?
Yes and no.
Our customer (NTT, do you know?) is trying to use DCE/RPC with data
encryption mechanism somehow. They don't care about DES, however they'd
like to use something like that.
Can we use 40-bit DES-like privacy from AP, just encrypting data, then
flow that data onto the wire as DCE/RPC byte stream?
Regards,
Yoshizumi

>> Currently, 40-bit DES-like privacy would be exportable, and soon full
>> DES will be exportable provided it's coupled with mandatory key-escrow
>> (the detailed escrow requirements are still unclear).
>
> Full DES with mandatory key-escrow is a weaker type of privacy, isn't it?
Not necessarily. The US government hasn't defined what's meant by
mandatory key-escrow, but there are indications that they are prepared
to be flexible about the identity of the key-escrow agent. The US
government realizes that non-US organizations are likely to be
unwilling to escrow their keys with the US authorities, so the final
policy will allow (designated) foreign government key-escrow agencies.
Also it's possible that a large company might be certified to act as
its own key-escrow agent.
>> We have no
>> current plans to implement either of these options. Do you have a
>> business need for a weaker type of privacy that might be satisfied by
>> either option?
> Yes and no.
> Our customer (NTT, do you know?) is trying to use DCE/RPC with data
> encryption mechanism somehow. They don't care about DES, however they'd
> like to use something like that.
>
> Can we use 40-bit DES-like privacy from AP, just encrypting data, then
> flow that data onto the wire as DCE/RPC byte stream?
You could do that. However, you'd then lose much of the benefits of RPC,
in particular the data encoding. However you could use the R1.1 pickling
services to pickle your data prior to encrypting it. But it's a lot
more work for the application.
What platform(s) are you working on?
John