[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Regrouping for IPSEC WORKING GROUP LAST CALL

To: Paul Lambert <plambert@certicom.com>, "'Ted Ts'o'" <tytso@MIT.EDU>
Subject: RE: Regrouping for IPSEC WORKING GROUP LAST CALL
From: "Linn, John" <jlinn@securitydynamics.com>
Date: Mon, 23 Feb 1998 09:37:52 -0500
Cc: ho@earth.hpc.org, ipsec@tis.com
Sender: owner-ipsec@ex.tis.com

Ted's assessment makes sense to me.  

At a finer level of detail, if EC group definitions remain at this
stage, I believe that current text in isakmp-oakley-06 appears
self-inconsistent about the level of the groups' optionality and
probably needs some adjustment or clarification: section 4 states
generally that "ECP and EC2N groups MAY be supported", but sections 6.3
and 6.4 describe the particular cited groups as SHOULDs. 

--jl

> ----------
> From: 	Theodore Y. Ts'o[SMTP:tytso@MIT.EDU]
> Sent: 	Friday, February 20, 1998 11:40 PM
> To: 	Paul Lambert
> Cc: 	ho@earth.hpc.org; ipsec@tis.com
> Subject: 	Re: Regrouping for IPSEC WORKING GROUP LAST CALL
> 
> Question to the working group:
> 
> Should we remove the EC groups altogether and defer these issues to
> IPSECOND?
> 
> I am certainly not an expert in this field, but my understanding is
> that
> each EC group can have radically different properties of speed,
> security, and patent encumberances (if you want to do computations in
> that group efficiently).  Hence, it is not as simple as picking some
> an
> RSA key length, where a bigger RSA key is better than a shorter length
> RSA key.
> 
> It's not clear to we that we can do justice to all of these complex
> and
> inter-related issues during the working group last call.  Sounds to me
> like we might want to defer this issue.  What do others think?
> 
> 						- Ted
>

Prev by Date: Re: new draft-ietf-ipsec-isakmp?
Next by Date: Re: Certificate Requesting
Prev by thread: RE: Regrouping for IPSEC WORKING GROUP LAST CALL
Next by thread: ISAKMP Draft: NotifyCodes, alignment
Index(es):
- Main
- Thread