Re: AH and ESP orthogonality



> From: Naganand Doraswamy <naganand@ftp.com>
> The only problem I see with it is that there will be deployments for IPSEC
> in the very near future and most of the implementations have implemented
> RFCs 1828 and 1829. We definitely cannot stop this as many customers have
> been asking for it.
>
I agree.


> This may cause configuration problems for old implementations (implementing
> only 1829) to interoperate with the newer implementations which may support
> both 1829 and the new transform. Can we allocate numbers to the transforms
> as most of the key management protocols do so that configuring with manual
> keying is simplified?
>
Well, I don't particularly like numbers for manual configuration, and
the RFC numbers can change as the documents are progressed along
standards track.

The way I'm doing it is by naming:

        MD5E            AH with MD5 "envelope"
        MD5N            AH with MD5 "nested"
        SHA1E           AH with SHA1 "envelope"
        SHA1N           AH with SHA1 "nested"
        DES1IV32        ESP with Single DES with 32-bit IV
        DES1IV64        ESP with Single DES with 64-bit IV
        DES3IV32        ESP with Triple DES with 32-bit IV
        DES3IV64        ESP with Triple DES with 64-bit IV

Make sense to you?

WSimpson@UMich.edu
    Key fingerprint =  17 40 5E 67 15 6F 31 26  DD 0D B9 9B 6A 15 2C 32
BSimpson@MorningStar.com
    Key fingerprint =  2E 07 23 03 C5 62 70 D3  59 B1 4F 5E 1D C2 C1 A2