
How many algorithms per SA/Transform?



Hi folks!

I've a question about algorithms per transform/SA.  The question is:

	Will there realistically be more than one algorithm of a given
	type (i.e. 2 or more ENCRYPTION algorithms or 2 or more
	AUTHENTICATION algorithms) in a single security association?

I don't mean more than one algorithm, period.  The Hughes DES/HMAC-MD5
transform proves that we need at least one encryption AND one authentication
algorithm in a single security association.  What I'm talking about is if
there will ever be:

	DES,Blowfish,Rot13/HMAC-MD5,HMAC-SHA,cksum

in a SINGLE SECURITY ASSOCIATION or a SINGLE TRANSFORM?

It's a question that I personally think the answer to is, "no".  I can't
think of any good case (save perhaps protecting headers with one algorithm,
and the data with another...) where you'd need more than one algorithm of
each type in a single association.

Any comments, opinions, etc. are welcome.

--
Daniel L. McDonald  -  Solaris Internet Engineering  ||  MY OPINIONS ARE NOT
Mail: danmcd@eng.sun.com, danmcd@kebe.com <*>        ||  NOT NECESSARILY SUN'S!
Phone: (415) 786-6815            |"rising falling at force ten
WWW: http://www.kebe.com/~danmcd | we twist the world and ride the wind" - Rush


