Re: change in isakmp/oakley
Hugo,
> > Is the (non)mixing of Ni and Nr in encryption mode authentication broken
> > or does it just reenforce the brokenness of certain (as yet unnamed) prfs?
>
> It may be closer to the latter, but still a MUST to fix.
> You have no "right" to give future implementations a rope to
> hang themselves..
I'm not claiming a right to anything (except to own handguns and assault
weapons). In fact, I'm particularly agnostic on the whole issue-- which
just might be a first for me :-)

But I haven't really seen a groundswell of support or opposition and that's
a bit disheartening. Can somebody out there in ipsec-land who gives a damn
either way speak up?

I'm willing to change the draft if enough people say it's important. I'm
also willing to leave it alone and let people negotiate ROT-13 for encryption
and the futuristic-key-truncating MAC for authentication (using private use
attributes of course-- I wouldn't include them in the draft) if they're that
stupid.

Speak up now, please.

Dan.
-------------------------------------------------------------------------------
Dan Harkins | E-mail: dharkins@ipsec.com
Network Protocol Security, cisco Systems | phone: +1 (408) 526-5905
170 W. Tasman Drive | fax: +1 (408) 526-4952
San Jose, CA 95134-1706 | ICBM: 37.45N, 122.03W
U.S. of A. | http://www.beer.org/~dharkins
-------------------------------------------------------------------------------
For your safety and the safety of others: concealed carry, and strong crypto.
-------------------------------------------------------------------------------