
Re: Comments on draft-ietf-ipsec-ike-01.txt



  I guess it would. But that's not what I'm talking about. The text
addresses attributes whose values can be of variable length. So that's
Blowfish's key length, Hasty Pudding's block length, or Diffie-Hellman
groups of the same type. DES vs. 3DES or SHA vs. MD5 or some distinct 
invariate algorithm vs. some other distinct invariate algorithm is not
what is being discussed.

  The only reasons presented on why someone would not want to negotiate
up are for performance- or memory-constrained implementations. And that's
a perfectly legitimate reason why not to. And that seems to be fine
with a SHOULD. You should increase security if possible unless you have
a good reason why and you fully understand the implications of not doing
so. That's a good reason why not to and the understanding seems to be
there.

  Dan.

On Thu, 03 Jun 1999 13:48:14 PDT you wrote
> Hi Dan,
> 
> Just a quick question on this, with the caveat that I haven't yet taken
> the time to review the draft (sorry, I'll get to it soon, I promise):
> regarding the question as to whether negotiating upward should be
> prefixed with MAY, SHOULD, etc., something has been nagging at me. Isn't
> this a local policy issue? I mean, if I specify as a matter of policy
> that I want 56-bit DES *only*, wouldn't it be a violation of my policy
> to accept 3DES just because you offer it?
> 
> Scott

