[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Last ditch proposal for crypto suites



On Thu, 29 Aug 2002 12:47:23 PDT you wrote
> 
>                                                         Almost no one 
> in their right mind would really mean that Phase 1 be protected with 
> DES and Phase 2 be protected with TripleDES, but many UIs make that 
> easy to do.

  Why not? There is nothing particularly interesting in phase 1 anyway.
This was especially true with IKEv1 where there were no TR payloads sent
in phase 1.

  We're talking about two different proposals (whether it's suites or
a la carte). One to protect the IKE traffic and another to protect the 
bulk data. Those two traffic flows are quite different and their
security needs are different as well.

  Dan.