[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: More on a second IPSec algorithm



Bill, your discussion is assuming people are doing cryptography in
software.  (Well, you're not alone in that attitude, for sure.)  Lots
of products do cryptography in hardware.  Can the average chip that
can do DES and 3DES in hardware also do DESX?

(This is also the issue with mandating any of the AES candidates at
this time.  Are any available in hardware?)

No question that all the IKE negotiation needs more exercising.  The
spec isn't all that explicit about such things, and the
implementations often choose different responses.  It's not a true
negotiation like PPP, and even PPP can deadlock.



Follow-Ups: References: