
RE: Comments on draft-ietf-ipsec-ike-01.txt (long)



> My query would have been whether they should be prohibited
> from REJECTING a key length greater than they've configured.
> 
> You configure for, say 128-bit Blowfish. I offer 448. The
> algorithm costs no more to run with the longer key. Clearly
> you SHOULD accept. I'd like to see the standard say you MUST
> accept.

This would mean that if you implement an algorithm with variable length then
you must support all key lengths?

Making this a MUST would render existing systems non-compliant even though
they are not currently required to support (e.g.) larger groups (it is only a
MUST to support group 2).

I would rather the issue of negotiating up is left to local security policy.

Chris
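To make the policy question concrete, here is an added illustration (not code from the thread or from any IKE implementation) of a responder-side check that decides whether to accept a peer's offered key length. The cipher names, the `LocalPolicy` and `CipherSupport` types, and the two sample Blowfish capability sets are constructed for this example. It shows the distinction the reply draws: an implementation can only accept a longer key it can actually run, so whether to negotiate up is a local-policy decision layered on top of capability, not something a blanket MUST can impose.

```python
"""Responder-side key-length policy check for a variable-key-length cipher.

Illustrative example only; the types and sample data below are constructed
and do not come from any IKE specification or implementation.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class CipherSupport:
    """What this implementation can actually run for a given cipher."""
    name: str
    supported_bits: frozenset  # key lengths (bits) the code path handles


@dataclass(frozen=True)
class LocalPolicy:
    """Administrator-configured policy for a cipher (constructed type)."""
    name: str
    configured_bits: int   # the key length the admin asked for
    accept_longer: bool    # local choice: allow negotiating up or not


# Constructed capability sets for two hypothetical Blowfish implementations:
# one that supports only a handful of lengths, one that supports the full
# 32..448-bit range in 8-bit steps.
BLOWFISH_PARTIAL = CipherSupport("BLOWFISH", frozenset({128, 192, 256}))
BLOWFISH_FULL = CipherSupport("BLOWFISH", frozenset(range(32, 449, 8)))


def evaluate_proposal(offered_bits: int, policy: LocalPolicy,
                      support: CipherSupport) -> str:
    """Return "accept" or a "reject: <reason>" string for an offered key length.

    Order of checks matters: a weaker-than-configured key is refused before
    anything else; a longer key is refused if the implementation cannot run
    it, and only then does local policy decide whether negotiating up is OK.
    """
    if policy.name != support.name:
        raise ValueError("policy and capability describe different ciphers")
    if offered_bits == policy.configured_bits:
        return "accept"
    if offered_bits < policy.configured_bits:
        return "reject: weaker than configured"
    if offered_bits not in support.supported_bits:
        # A MUST-accept rule would make this implementation non-compliant.
        return "reject: key length not supported by this implementation"
    if not policy.accept_longer:
        return "reject: local policy does not negotiate up"
    return "accept"


if __name__ == "__main__":
    policy = LocalPolicy("BLOWFISH", configured_bits=128, accept_longer=True)
    for impl in (BLOWFISH_PARTIAL, BLOWFISH_FULL):
        print(impl.name, sorted(impl.supported_bits)[:3], "...",
              "offered 448 ->", evaluate_proposal(448, policy, impl))
```

Running it shows the same 448-bit offer being refused by the partial implementation and accepted by the full one under identical configuration, which is the case the reply raises against making acceptance a MUST.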