[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
AES and block size?
IKE supports negotiation or proposal of key size. It doesn't support an
abstraction like RESPONDER-LIFETIME. IKE doesn't at all support negotiation
of block size.
AES (e.g. Rijndael) has variable block size. We can:
1.) Add a block size attribute.
2.) Pick a block size.
I'm sure the AES draft will address this, right? (I hope we pick something
quickly and stick to it - I have PF_KEY mods that depend on the answer.)
And since I'm on the subject, what do I do with IKE in the face of "I'm
willing to support multiple keysizes"? Do I send multiple transforms with
the only difference being different keysize attribute values? Or do I just
pick one and try again later?
Thanks,
Dan