[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
How many algorithms per SA/Transform?
Hi folks!
I've a question about algorithms per transform/SA. The question is:
Will there realistically be more than one algorithm of a given
type (i.e. 2 or more ENCRYPTION algorithms or 2 or more
AUTHENTICATION algorithms) in a single security association?
I don't mean more than one algorithm, period. The Hughes DES/HMAC-MD5
transform proves that we need at least one encryption AND one authentication
algorithm in a single security association. What I'm talking about is if
there will ever be:
DES,Blowfish,Rot13/HMAC-MD5,HMAC-SHA,cksum
in a SINGLE SECURITY ASSOCIATION or a SINGLE TRANSFORM?
It's a question that I personally think the answer to is, "no". I can't
think of any good case (save perhaps protecting headers with one algorithm,
and the data with another...) where you'd need more than one algorithm of
each type in a single association.
Any comments, opinions, etc. are welcome.
--
Daniel L. McDonald - Solaris Internet Engineering || MY OPINIONS ARE NOT
Mail: danmcd@eng.sun.com, danmcd@kebe.com <*> || NOT NECESSARILY SUN'S!
Phone: (415) 786-6815 |"rising falling at force ten
WWW: http://www.kebe.com/~danmcd | we twist the world and ride the wind" - Rush
Follow-Ups: