Re: SOI QUESTIONS: 5.1-5.2

[Michael Richardson <mcr@sandelman.ottawa.on.ca>]

>>>>> "Andrew" == Andrew Krywaniuk <andrew.krywaniuk@alcatel.com> writes:
    >> 5.2.A) Is it important to have predefined suites or a la
    >> carte selection of
    >> parameters?

    Andrew> I prefer to have so-called "GUI ciphersuites" where we allow negotiation of
    Andrew> parameters on the wire, but define names for a few specific combinations.
    Andrew> These common names could then be used in a GUI to ensure easy configuration
    Andrew> of heterogeneous networks. The problem with ciphersuites has traditionally
    Andrew> been that not everyone is going to agree on every parameter. Ciphersuites
    Andrew> will force us to accomodate the lowest common denominator (or perhaps the

  I don't find this acceptable.
  1) in order to avoid permitting users to shoot themselves in the foot, some
     GUI will have to *restrict* them to those ciphersuites.

  2) Given the above, how do I test all combinations?

  Talk to your testing people on this.  Let them make the decision.

  Suites rule.

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [