Re: AH and ESP orthogonality
> From: Naganand Doraswamy <naganand@ftp.com>
> The only problem I see with it is that there will be deployments for IPSEC
> in the very near future and most of the implementations have implemented
> RFCs 1828 and 1829. We definitely cannot stop this as many customers have
> been asking for it.
>
I agree.
> This may cause configuration problems for old implementations (implementing
> only 1829) to interoperate with the newer implementation which may support
> both 1829 and the new transform. Can we allocate numbers to the transforms
> as most of the key management protocols do so that configuring with manual
> keying is simplified?
>
Well, I don't particularly like numbers for manual configuration, and
the RFC numbers can change as the documents are progressed along
standards track.
The way I'm doing it is by naming:
    MD5E        AH with MD5 "envelope"
    MD5N        AH with MD5 "nested"
    SHA1E       AH with SHA1 "envelope"
    SHA1N       AH with SHA1 "nested"
    DES1IV32    ESP with Single DES with 32-bit IV
    DES1IV64    ESP with Single DES with 64-bit IV
    DES3IV32    ESP with Triple DES with 32-bit IV
    DES3IV64    ESP with Triple DES with 64-bit IV
Make sense to you?
WSimpson@UMich.edu
Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32
BSimpson@MorningStar.com
Key fingerprint = 2E 07 23 03 C5 62 70 D3 59 B1 4F 5E 1D C2 C1 A2