[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Last ditch proposal for crypto suites

To: mdesros@nortelnetworks.com
Subject: RE: Last ditch proposal for crypto suites
From: Paul Koning <pkoning@equallogic.com>
Date: Thu, 29 Aug 2002 16:32:04 -0400
Cc: rcharlet@SonicWALL.com, Charlie_Kaufman@notesdev.ibm.com, ipsec@lists.tislabs.com
References: <4D79C746863DD51197690002A52CDA00029BD902@zcard0kc.ca.nortel.com>
Sender: owner-ipsec@lists.tislabs.com

>>>>> "Marc" == Marc Desrosiers <mdesros@nortelnetworks.com> writes:

 Marc> Yes but now you have to create a new suite because the bundle
 Marc> that also contained RSA and AES (as an example) has been
 Marc> deprecated. If you now want to support AES or RSA you have to
 Marc> point to a new suite. How do you maintain interoperability
 Marc> during the transition period?

I don't understand.

Start with a suite: ESP: DES and SHA-1.

Discover that DES is no good (ok, that's very old news).

Define a new suite: ESP: AES and SHA-1.  Relabel that one mandatory,
the DES suite deprecated.

You can now use the new suite with new implementations, and you're
stuck with the old crufty suite with implementations that offer
nothing better.

That works just fine.  It works at least as well as the current
situation with DES.

	  paul

References:
- RE: Last ditch proposal for crypto suites
  - From: "Marc Desrosiers" <mdesros@nortelnetworks.com>

Prev by Date: Re: Last ditch proposal for crypto suites
Next by Date: RE: Last ditch proposal for crypto suites
Prev by thread: RE: Last ditch proposal for crypto suites
Next by thread: RE: Last ditch proposal for crypto suites
Index(es):
- Date
- Thread