[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SOI QUESTIONS: 5.1-5.2
>>>>> "Andrew" == Andrew Krywaniuk <andrew.krywaniuk@alcatel.com> writes:
>> 5.2.A) Is it important to have predefined suites or a la
>> carte selection of
>> parameters?
Andrew> I prefer to have so-called "GUI ciphersuites" where we allow negotiation of
Andrew> parameters on the wire, but define names for a few specific combinations.
Andrew> These common names could then be used in a GUI to ensure easy configuration
Andrew> of heterogeneous networks. The problem with ciphersuites has traditionally
Andrew> been that not everyone is going to agree on every parameter. Ciphersuites
Andrew> will force us to accomodate the lowest common denominator (or perhaps the
I don't find this acceptable.
1) in order to avoid permitting users to shoot themselves in the foot, some
GUI will have to *restrict* them to those ciphersuites.
2) Given the above, how do I test all combinations?
Talk to your testing people on this. Let them make the decision.
Suites rule.
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy"); [