
Re: Photuris questions



The initiator cannot indicate that it is willing to use MD5 or SHA for
the key hash but will only use SHA for the security association.
Is this a deliberate design decision?

As Bill Sommerfield points out, the responder can choose AH even if it
is capable of supporting ESP.  The initiator should be able to
indicate early on that this will not be acceptable.  The initiator
might be capable of supporting ESP, but chooses AH; possibly the
responder should be able to indicate to the responder "although you
seem to be capable of supporting ESP, you aren't using it, please do so."


