[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Mandatory Algorithms for ESP?

To: Charles Kunzinger <kunzinge@us.ibm.com>
Subject: Re: Mandatory Algorithms for ESP?
From: Stephen Kent <kent@bbn.com>
Date: Thu, 19 Mar 1998 11:14:57 -0500 (EST)
Cc: <ipsec@tis.com>
In-Reply-To: <5040300013972416000002L062*@MHS>
Sender: owner-ipsec@ex.tis.com

Charlie,

I haven't looked at the mkst recent DOI, but the subset of ESP algorithm
combinations you cited is definately not sufficient.  Certainly we want to
support DES-CBC encryption, and NULL encryption has recently been added
back to ESP, by popular demand.  For authentication, NULL is an option
(i.e., encryption only), as is HMAC.  The only long term ambiguity that may
still exist is whether HMAC must be supported for both SHA-1 and MD5.  This
is the sort of analysis that leads to the ESP mandatory algorithm list, and
I note that it has not changed for quite some time, with the exception of
the very recent addition of NULL encryption as an explicit algorithm.

Steve

References:

Mandatory Algorithms for ESP?

From: Charles Kunzinger <kunzinge@us.ibm.com>

Prev by Date: IKE Loose Ends?
Next by Date: Re: is manual keying mandatory (fwd)
Prev by thread: Re: Mandatory Algorithms for ESP?
Next by thread: Re: Mandatory Algorithms for ESP?
Index(es):
- Main
- Thread