[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Last ditch proposal for crypto suites

To: IP Security List <ipsec@lists.tislabs.com>
Subject: Re: Last ditch proposal for crypto suites
From: Henry Spencer <henry@spsystems.net>
Date: Thu, 29 Aug 2002 23:58:58 -0400 (EDT)
In-Reply-To: <200208292310.g7TNAi8u000914@mail2.trpz.com>
Sender: owner-ipsec@lists.tislabs.com

On Thu, 29 Aug 2002, Dan Harkins wrote:
> >                                                         Almost no one 
> > in their right mind would really mean that Phase 1 be protected with 
> > DES and Phase 2 be protected with TripleDES...
> 
>  ...We're talking about two different proposals (whether it's suites or
> a la carte). One to protect the IKE traffic and another to protect the 
> bulk data. Those two traffic flows are quite different and their
> security needs are different as well.

Yes, but under what circumstances would that particular combination make
sense?  If 3DES is fast enough to be used for bulk data, it is fast enough
to be used for IKE traffic.  Given that IKE traffic is such a tiny fraction
of the normal traffic flow, there is just no sense in not using the best
crypto algorithm you've got to protect it.

                                                          Henry Spencer
                                                       henry@spsystems.net

Follow-Ups:
- Re: Last ditch proposal for crypto suites
  - From: Paul Koning <pkoning@equallogic.com>

References:
- Re: Last ditch proposal for crypto suites
  - From: Dan Harkins <dharkins@tibernian.com>

Prev by Date: Re: Last ditch proposal for crypto suites
Next by Date: Re: Last ditch proposal for crypto suites
Prev by thread: Re: Last ditch proposal for crypto suites
Next by thread: Re: Last ditch proposal for crypto suites
Index(es):
- Date
- Thread