
Re: Comments on draft-ietf-ipsec-ike-01.txt (long)



> 
>  >> So let me ask the entire working group: should vendors be
>  >> prohibited from accepting a key length greater than what they have
>  >> configured? Should they be prohibited from accepting a stronger
>  >> group?
> 

I may be in the minority here but I see this as an implementation
issue. I would argue that a system should be configured to provide 
a level of security comparable to the value of the information
being protected. Overriding that configuration just because it is 
capable doesn't necessarily mean it should.

I'm not arguing for prohibiting such behavior. I'm just not for
recommending it. If an implementation chooses to accept such
behavior that's fine. On the other hand, an implementation could
just as easily allow such behavior to be configured.

thanks,

David W. Faucher                


