[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: "Transforms" per se going away?

To: Dan.McDonald@Eng.sun.com (Dan McDonald)
Subject: Re: "Transforms" per se going away?
From: Stephen Kent <kent@bbn.com>
Date: Thu, 13 Feb 1997 13:45:49 -0500
Cc: ipsec@tis.com
In-Reply-To: <199702130007.QAA28204@kebe.eng.sun.com>
Sender: owner-ipsec@ex.tis.com

Dan,

	I don't think my intent has been to move to exactly the "list"
approach you describe in your message.  For example, not all combinations
of encryption algorithms, modes, and IV options make sense.   I was
assuming that we would have a regsitered set (with the IANA) of
combinations of encryption, authentication, and anti-replay options, each
set of which defines a "transform" (using the curent terminology).  This
makes clear to implementors what combinations must be supported and allows
for elimination of combinations that the community (WG?) thinks are
inappropriate, i.e., don't allocate a transform ID for a combination that
is considered "bad."  The real goals of the new AH and ESP specs are to
eliminate the need to issue a combinatorial number of transform RFCs, to
centralize common definitions, etc.  One can still have a fairly modular
implementation as you describe, but by grouping the attributes of
transforms, one also can accommodate less modular implementations as well.

Steve

References:

"Transforms" per se going away?

From: Dan.McDonald@Eng.sun.com (Dan McDonald)

Prev by Date: RE: replay field size straw poll
Next by Date: RE: Straw Poll and Alignment
Prev by thread: Re: "Transforms" per se going away?
Next by thread: RE: "Transforms" per se going away?
Index(es):
- Main
- Thread