[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Comments on draft-ietf-ipsec-ike-01.txt
Wouldn't it be valid for local policy to preclude disclosing
the fact of particular crypto capabilities in some
contexts?
I tend towards the idea that the policy specifiers should
say which offers are valid in which contexts; the
advice to "lean towards stronger crypto" should fall
on their ears.
I also feel queasy about the assumption that there is a
monotone relation between a parameter and the crypto
strength. Embodying this interpretation in IKE might
be the sort of thing that returns to haunt.
Hilarie