[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Last ditch proposal for crypto suites
At 11:44 AM -0400 8/29/02, Steven M. Bellovin wrote:
>You know my opinion -- scrap a la carte. But let me ask the question
>differently: Paul Hoffman, in your interoperability tests do you see
>many different combinations actually used? Or don't your tests go
>there?
We see a huge amount of variation. Of the systems that have GUIs, I have seen
- default of DES and MD5
- default of DES and SHA-1
- default of TripleDES and SHA-1
- no options: always does TripleDES and SHA-1
and probably some others I have forgotten.
Note that some of these systems have GUIs that only allow single
choices for the administrator, but send out multiple proposals anyway
("in order to increase interoperability", I am told).
Almost every system allows different settings for Phase 1 and Phase
2, and on the ones I tinkered with, none warned if you used DES in
Phase 1 and TripleDES in Phase 2.
Based on this and the agony I hear from users, I'm a strong proponent
of suites.
>As for the specific suggestion -- I think I'd rather keep a la carte,
>rather than the hybrid suggestion. I fear the complexity, not just of
>having both sets of code, but also of being able to cope correctly with
>an offer or a response that specified one a la carte entry *and* one
>suite. I think the potential for bugs there is high. But if we want
>to go there, we need to specify precisely how to deal with the
>situation. In particular, we need to specify the rules on how to
>decide which to accept, and what to do if there is an apparent conflict
>in a response.
We agree here. And I agree with what Phill said: if you need a la
carte for some reason, use IKEv1. IKEv2 should be simple, and suites
are simpler.
--Paul Hoffman, Director
--VPN Consortium