[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Comments on draft-ietf-ipsec-ike-01.txt (long)

To: "Derrell D. Piper" <ddp@network-alchemy.com>, Dan Harkins <dharkins@network-alchemy.com>
Subject: Re: Comments on draft-ietf-ipsec-ike-01.txt (long)
From: Joe Tardo <jtardo@freegate.com>
Date: Wed, 09 Jun 1999 17:48:50 -0700
Cc: Paul Koning <pkoning@xedia.com>, ipsec@lists.tislabs.com
In-Reply-To: <199906031638.JAA21094@gallium.network-alchemy.com>
References: <Your message of "Wed, 02 Jun 1999 14:09:07 PDT." <199906022109.OAA26844@potassium.network-alchemy.com>
Sender: owner-ipsec@lists.tislabs.com

Suppose my policy is configured for NULL encryption, would this mean I MUST
encrypt if the offer proposes, say, 3DES first and NULL second?

At 09:38 AM 6/3/99 -0700, Derrell D. Piper wrote:
>>   So let me ask the entire working group: should vendors be prohibited from
>> accepting a key length greater than what they have configured? Should they
>> be prohibited from accepting a stronger group? 
>
>Absolutely not and I'd go so far as to make it a SHOULD instead of a MAY.
>
>We're trying to design good security, not workarounds for bad
implementations.
>
>Derrell
>
>

Follow-Ups:

Re: Comments on draft-ietf-ipsec-ike-01.txt (long)

From: Dan Harkins <dharkins@network-alchemy.com>

References:

Re: Comments on draft-ietf-ipsec-ike-01.txt (long)

From: "Derrell D. Piper" <ddp@network-alchemy.com>

Prev by Date: Re: What's the attribute value for group generator (MODP) ?
Next by Date: Re: NAT and IPSEC INCOMPATIBLE???
Prev by thread: Re: Comments on draft-ietf-ipsec-ike-01.txt (long)
Next by thread: Re: Comments on draft-ietf-ipsec-ike-01.txt (long)
Index(es):
- Main
- Thread