
FW: tunnel mode



>----------
>From: 	Roy Pereira
>Sent: 	Tuesday, December 17, 1996 6:00 PM
>To: 	'Derrell Piper'
>Subject: 	RE: tunnel mode 
>
>Derrell, how do we do DES-HMAC-MD5/SHA1 in tunnel mode?  Your current draft
>doesn't allow for this.  Am I missing something?  It also doesn't
>include the newer 3DES-HMAC-MD5/SHA1.

>Except for the old-style ESP, you can't in the current incarnation of the
>drafts.
>
>I made a note during the ipsec wg that I needed to add Tunnel and Transport
>SA Attributes.  They'll be in the next version of the draft, along with a
>proscribed set of defaults for the existing attributes.

>Suggestions on what those defaults should be are most welcome...


>SA Attributes is what I was thinking as well.

>This also leads to us questioning if we should have a HMAC attribute as well?
>As in which HMAC (if any) do you wish to use for the Encryption transform X.
>Then we could have ESP transforms 
>	DES = 1
>	3DES = 2
>	RC5 = 3
>
>with attributes of:
>	IV size (int) [default=0, ECB mode]
>	Tunnel Mode (bool) [default=false]
>	HMAC Alg (int)
>		None = 0 (don't use HMAC authentication) [default]
>		MD5 = 1
>		SHA1 = 2
>	Replay (bool) [default=false]
>	key life type (int) [default=0, no limit]
>		seconds = 1
>		kilobytes = 2
>	key life duration (int)
>