[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Last ditch proposal for crypto suites
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Charlie" == Charlie Kaufman <Charlie_Kaufman@notesdev.ibm.com> writes:
Charlie> We mandate must implement suites, where must implement includes
Charlie> must include in proposals. If an initiator proposes no suites
Charlie> that the suite-only partner understands, the negotiation
Charlie> fails. It would be complicated for an initiator to take his a la
Charlie> carte list and automatically figure out what suites are included
Charlie> in there so they can be proposed separately. But that
Charlie> calculation is neither necessary nor (imho)
Charlie> useful. Configuration should enable suites explicitly and
Charlie> separately from a la carte stuff.
So, you are saying that if the operator says he wants 3DES/MD5/LZS
it will be negotiated a la carte. If he will also accept suite #5
(which happens to be 3DES/MD5/LZS), that is a seperate proposal, and
probably a seperate click on the UI.
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Finger me for keys
iQCVAwUBPW6dcYqHRg3pndX9AQGTiQP9GWKnyhQy8QF3v0foi4akFMze5mLPGqwA
iolHCXk8AvFJgeF6/4QCOTLN1NqJdnCHKmzkEP7L9b5SsR3AtyAV1BHjz0m5g0zK
gIEFLabFiG7xObIgo1MnUhKkDIynWG7+cGiyPG9XpivWnFrnTjyVHM7mVHRnBZtL
rixz6EA6EYE=
=II8E
-----END PGP SIGNATURE-----