[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: AES draft query

To: ipsec@lists.tislabs.com
Subject: RE: AES draft query
From: Paul Hoffman <paul.hoffman@vpnc.org>
Date: Mon, 20 Mar 2000 16:57:42 -0800
In-Reply-To: <001d01bf92d0$46cf3220$1e0101c8@ANDREWK2.TIMESTEP>
References: <4.3.2.20000318073338.04ed99f0@mail.vpnc.org>
Sender: owner-ipsec@lists.tislabs.com

At 07:56 PM 3/20/00 -0500, Andrew Krywaniuk wrote:
>There seems to be an implicit assumption here that users will be tweaking
>the format of the SA proposals themselves and that they will decide between
>128 bit AES and 256 bit AES.

Correct. The products I have seen all allow this. Some allow it more easily 
than others, and some use terms like "medium" and "high" instead of "80" 
and "128".

>I don't think this is realistic. In 90% of the cases, the users will use
>whatever set of transforms we include as a pre-configured part of the
>product (caveat emptor).

That would be wonderful if it is true. If you're correct about the 90% 
number, it would be interesting to see how many/few users tweak beyond the 
defaults. Of course, it would be interesting to see what each product's 
defaults are. At that point, it would be easy to tell during interop 
testing if a product had reasonable settings by looking at the offers.

--Paul Hoffman, Director
--VPN Consortium

References:

Re: AES draft query

From: Paul Hoffman <paul.hoffman@vpnc.org>

RE: AES draft query

From: "Andrew Krywaniuk" <akrywani@newbridge.com>

Prev by Date: RE: AES draft query
Next by Date: Q: What is advantage of tunnel mode between host to host scenrio?
Prev by thread: RE: AES draft query
Next by thread: RE: AES draft query
Index(es):
- Main
- Thread