[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
FW: tunnel mode
>----------
>From: Roy Pereira
>Sent: Tuesday, December 17, 1996 6:00 PM
>To: 'Derrell Piper'
>Subject: RE: tunnel mode
>
>Derrell, how do we do DES-HMAC-MD5/SHA1 in tunnel mode? Your >current draft
doesn't allow for this. Am I missing something? It also >doesn't
include the newer 3DES-HMAC-MD5/SHA1.
>Except for the old-style ESP, you can't in the current incarnation of the
>drafts.
>
>I made a note during the ipsec wg that I needed to add Tunnel and Transport
>SA Attributes. They'll be in the next version of the draft, along with a
>proscribed set of defaults for the existing attributes.
>Suggestions on what those defaults should be are most welcome...
>SA Attributes is what I was thinking as well.
>This also leads to us questioning if we should have a HMAC attribute as well?
>As in which HMAC (if any) do you wish to use for the Encription transform X.
>Then we could have ESP transforms
> DES = 1
> 3DES = 2
> RC5 = 3
>
>with attributes of:
> IV size (int) [default=0, ECB mode]
> Tunnel Mode (bool) [default=false]
> HMAC Alg (int)
> None = 0 (dont use HMAC authentication) [default]
> MD5 = 1
> SHA1 = 2
> Replay (bool) [default=false]
> key life type (int) [default=0, no limit]
> seconds = 1
> kilobytes = 2
> key life duration (int)
>
>
>
>
>
>
Follow-Ups: