[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: How many algorithms per SA/Transform?

To: Dan.McDonald@Eng.sun.com (Dan McDonald)
Subject: Re: How many algorithms per SA/Transform?
From: Naganand Doraswamy <naganand@ftp.com>
Date: Wed, 05 Mar 1997 14:12:38 -0500
Cc: ipsec@tis.com
Sender: owner-ipsec@ex.tis.com

At 02:06 PM 3/3/97 -0800, Dan McDonald wrote:
>Hi folks!
>
>I've a question about algorithms per transform/SA.  The question is:
>
>	Will there realistically be more than one algorithm of a given
>	type (i.e. 2 or more ENCRYPTION algorithms or 2 or more
>	AUTHENTICATION algorithms) in a single security association?
>
>I don't mean more than one algorithm, period.  The Hughes DES/HMAC-MD5
>transform proves that we need at least one encryption AND one authentication
>algorithm in a single security association.  What I'm talking about is if
>there will ever be:
>
>	DES,Blowfish,Rot13/HMAC-MD5,HMAC-SHA,cksum
>
>in a SINGLE SECURITY ASSOCIATION or a SINGLE TRANSFORM?
>
>It's a question that I personally think the answer to is, "no".  I can't
>think of any good case (save perhaps protecting headers with one algorithm,
>and the data with another...) where you'd need more than one algorithm of
>each type in a single association.
>
>Any comments, opinions, etc. are welcome.
>
I would also say NO.

--Naganand
----------------------------------------------------------------
naganand@ftp.com
Tel #: (508)684-6743 (O)

Follow-Ups:

Re: How many algorithms per SA/Transform?

From: Ben Rogers <ben@Ascend.COM>

Prev by Date: Re: How many algorithms per SA/Transform?
Next by Date: To compress or not to compress.
Next by thread: Re: TO COMPRESS OR NOT TO CMPRS (please reply)
Index(es):
- Main
- Thread