
Re: How many algorithms per SA/Transform?



On Mon, 3 Mar 1997, Dan McDonald wrote:

> I've a question about algorithms per transform/SA.  The question is:
> 
> 	Will there realistically be more than one algorithm of a given
> 	type (i.e. 2 or more ENCRYPTION algorithms or 2 or more
> 	AUTHENTICATION algorithms) in a single security association?
> 
> I don't mean more than one algorithm, period.  The Hughes DES/HMAC-MD5
> transform proves that we need at least one encryption AND one authentication
> algorithm in a single security association.  What I'm talking about is if
> there will ever be:
> 
> 	DES,Blowfish,Rot13/HMAC-MD5,HMAC-SHA,cksum
> 
> in a SINGLE SECURITY ASSOCIATION or a SINGLE TRANSFORM?
> 
> It's a question that I personally think the answer to is, "no".  I can't
> think of any good case (save perhaps protecting headers with one algorithm,
> and the data with another...) where you'd need more than one algorithm of
> each type in a single association.
> 
> Any comments, opinions, etc. are welcome.

Recent relaxation of US export controls makes DES more readily available
internationally. Someone who wants more security than DES provides might well
consider using AH-DES-DES-DES.

Norm


                   Norman Shulman      Secure Computing Canada
     	        Systems Developer      Tel 1 416 813 2075
                  norm@border.com      Fax 1 416 813 2001


