[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Last ditch proposal for crypto suites



At 11:44 AM -0400 8/29/02, Steven M. Bellovin wrote:
>You know my opinion -- scrap a la carte.  But let me ask the question
>differently:  Paul Hoffman, in your interoperability tests do you see
>many different combinations actually used?  Or don't your tests go
>there?

We see a huge amount of variation. Of the systems that have GUIs, I have seen
- default of DES and MD5
- default of DES and SHA-1
- default of TripleDES and SHA-1
- no options: always does TripleDES and SHA-1
and probably some others I have forgotten.

Note that some of these systems have GUIs that only allow single 
choices for the administrator, but send out multiple proposals anyway 
("in order to increase interoperability", I am told).

Almost every system allows different settings for Phase 1 and Phase 
2, and on the ones I tinkered with, none warned if you used DES in 
Phase 1 and TripleDES in Phase 2.

Based on this and the agony I hear from users, I'm a strong proponent 
of suites.

>As for the specific suggestion -- I think I'd rather keep a la carte,
>rather than the hybrid suggestion.  I fear the complexity, not just of
>having both sets of code, but also of being able to cope correctly with
>an offer or a response that specified one a la carte entry *and* one
>suite.  I think the potential for bugs there is high.  But if we want
>to go there, we need to specify precisely how to deal with the
>situation.  In particular, we need to specify the rules on how to
>decide which to accept, and what to do if there is an apparent conflict
>in a response.

We agree here. And I agree with what Phill said: if you need a la 
carte for some reason, use IKEv1. IKEv2 should be simple, and suites 
are simpler.

--Paul Hoffman, Director
--VPN Consortium