
RE: Last ditch proposal for crypto suites



I consider the exponential growth of suites under vanity crypto to be the
reason to go for suites.

If the products are going to be tested, vanity crypto results in exponential
testing requirements. Cutting an OID is way less work than doing a test
properly. 

Basically with suites the window for vanity crypto is going to be much
smaller. That is a good thing.

	Phill

> -----Original Message-----
> From: Paul Koning [mailto:pkoning@equallogic.com]
> Sent: Thursday, August 29, 2002 3:01 PM
> To: Radia.Perlman@sun.com
> Cc: ipsec@lists.tislabs.com
> Subject: Re: Last ditch proposal for crypto suites
> 
> 
> >>>>> "Radia" == Radia Perlman <- Boston Center for 
> Networking <Radia.Perlman@sun.com>> writes:
> 
>  Radia> I remember in person, and at the mike at meetings, enough
>  Radia> people arguing for a la carte that we didn't switch, but I
>  Radia> don't remember who was arguing for it. I think the argument
>  Radia> was that the number of suites defined tends to grow
>  Radia> exponentially, especially with new vanity crypto 
> algorithms, ...
> 
> That sounds like an *excellent* argument in favor of suites.
> 
> Based on previous experience, I can see an argument right now for at
> most 3 mandatory suites (esp sha1 alone, sha1 with 3des, sha1 with
> aes) and less than 10 optional ones (the above with md5 instead of
> sha1, basically).  The "exponential" argument sounds like a red
> herring.
> 
>      paul
>