Re: change in isakmp/oakley



dharkins@ipsec.com writes:

>   Hugo,
> 
> > >   Is the (non)mixing of Ni and Nr in encryption mode authentication broken
> > > or does it just reinforce the brokenness of certain (as yet unnamed) prfs?
> > 
> > It may be closer to the latter, but still a MUST to fix.
> > You have no "right" to give future implementations a rope to
> > hang themselves..
> 
>   I'm not claiming a right to anything (except to own handguns and assault
> weapons). In fact, I'm particularly agnostic on the whole issue-- which
> just might be a first for me :-)
> 
>   But I haven't really seen a groundswell of support or opposition and that's
> a bit disheartening. Can somebody out there in ipsec-land who gives a damn
> either way speak up?

Seems to me that there are any number of ways for people who want
to add new algorithms to go wrong and we can't protect against them
all. Why should this one get special treatment?

Provided that it's strong with the current algorithm set, 
I say leave it alone.

-Ekr

-- 
[Eric Rescorla                             Terisa Systems, Inc.]
		"Put it in the top slot."

