[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: change in isakmp/oakley



>   But I haven't really seen a groundswell of support or opposition and that's
> a bit disheartening. Can somebody out there in ipsec-land who gives a damn
> either way speak up?

No one can prevent folks from writing insecure prf's or bad ciphers.  You
can define the properties of a prf or cipher that secure instantiations
should exhibit.  Lopping off key bits just seems wrong and I would support
adding text to the prf section of the upcoming resolution document to say,
"don't do that."

However, given that Hugo has not shown any problems with the current prf's
that are defined, I would leave the current definition as is.

Derrell


References: