[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Last ditch proposal for crypto suites
On Thu, 29 Aug 2002 12:47:23 PDT you wrote
>
> Almost no one
> in their right mind would really mean that Phase 1 be protected with
> DES and Phase 2 be protected with TripleDES, but many UIs make that
> easy to do.
Why not? There is nothing particularly interesting in phase 1 anyway.
This was especially true with IKEv1 where there were no TR payloads sent
in phase 1.
We're talking about two different proposals (whether it's suites or
a la carte). One to protect the IKE traffic and another to protect the
bulk data. Those two traffic flows are quite different and their
security needs are different as well.
Dan.