
Re: How many algorithms per SA/Transform?



Please remind me we don't ever want to be in a situation where we both
encrypt and sign each packet, thus using an encryption algorithm, a
signing algorithm, and an authentication algorithm....

At 02:12 PM 3/5/97 -0500, you wrote:
>At 02:06 PM 3/3/97 -0800, Dan McDonald wrote:
>>Hi folks!
>>
>>I've a question about algorithms per transform/SA.  The question is:
>>
>>	Will there realistically be more than one algorithm of a given
>>	type (i.e. 2 or more ENCRYPTION algorithms or 2 or more
>>	AUTHENTICATION algorithms) in a single security association?
>>
>>I don't mean more than one algorithm, period.  The Hughes DES/HMAC-MD5
>>transform proves that we need at least one encryption AND one authentication
>>algorithm in a single security association.  What I'm talking about is if
>>there will ever be:
>>
>>	DES,Blowfish,Rot13/HMAC-MD5,HMAC-SHA,cksum
>>
>>in a SINGLE SECURITY ASSOCIATION or a SINGLE TRANSFORM?
>>
>>It's a question that I personally think the answer to is, "no".  I can't
>>think of any good case (save perhaps protecting headers with one algorithm,
>>and the data with another...) where you'd need more than one algorithm of
>>each type in a single association.
>>
>>Any comments, opinions, etc. are welcome.
>>
>I would also say NO.
>
>--Naganand
>----------------------------------------------------------------
>naganand@ftp.com
>Tel #: (508)684-6743 (O)
>
>
>
--------
Rodney Thayer <rodney@sabletech.com>
PGP Fingerprint: BB1B6428 409129AC  076B9DE1 4C250DD8