
Re: Last ditch proposal for crypto suites



One of the advantages of suites is that the SA payload will become 
compact, and perhaps there will be better interoperability.  By allowing 
both, and having to be able to process both (ok, skip over in case of a 
la carte transforms), we begin to lose some of the above benefits. Also, 
as Steve Bellovin pointed out, the "hybrid" approach may result in buggy 
code.

My point is that we should get a consensus of the WG, pick one of the 
two approaches, and be done with this discussion once and for all.

regards,
Lakshminath

Radia Perlman - Boston Center for Networking wrote:

> 	From: Lakshminath Dondeti <ldondeti@nortelnetworks.com>
> 
> 	From what I understand from the concrete proposal below, a compliant 
> 	implementation MUST recognize suites as well as a la carte proposals. 
> 	How does this make life any easier for anyone?
> 	
> 	regards,
> 	Lakshminath
> 
> As I read Charlie's concrete proposal, it says that an implementation
> can choose to implement only suites. Only the suites would be mandatory
> to implement, and the only a la carte code necessary would be the ability
> to skip over the a la carte stuff.
> 
> I remember in person, and at the mike at meetings, enough people arguing
> for a la carte that we didn't switch, but I don't remember who was arguing
> for it. I think the argument was that the number of suites defined tends
> to grow exponentially, especially with new vanity crypto algorithms, but
> I'd think whoever defined the vanity algorithm could choose which hash,
> signature scheme, etc., went with it, and wouldn't need that algorithm
> in combination with lots of choices.
> 
> I did enjoy the quote Charlie put into the spec until the rest of us
> noticed and made him take it out..."Assembly of SA payload requires
> great peace of mind" (paraphrase of quote from Zen and the Art
> of Motorcycle Maintenance). :-)
> 
> Radia