[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Last ditch proposal for crypto suites

To: Alten@attbi.com
Subject: Re: Last ditch proposal for crypto suites
From: Paul Koning <pkoning@equallogic.com>
Date: Fri, 30 Aug 2002 10:28:38 -0400
Cc: Charlie_Kaufman@notesdev.ibm.com, ipsec@lists.tislabs.com
References: <OFFE7F83C3.72343742-ON85256C24.0077E42F-85256C24.0078B6BE@iris.com><3.0.3.32.20020829233313.013a6040@mail>
Sender: owner-ipsec@lists.tislabs.com

>>>>> "Alex" == Alex Alten <Alten@attbi.com> writes:

 Alex> At 05:58 PM 8/29/2002 -0400, Charlie_Kaufman@notesdev.ibm.com
 Alex> wrote:
 >> I propose that we remove the text for a la carte negotiation from
 >> the IKEv2 spec,
 Alex> ...

 Alex> We only need to spec two MUST have suites.  RSA/3DES-CBC/SHA-1
 Alex> and RSA/AES-CTR-128/SHA-2.  Forget the rest, they are going
 Alex> into the dustbin of history.  Details like PFS, HMAC should be
 Alex> the same across the suites.

I almost agree, except I'd make the second SHA-1 since SHA-2 is so
new.  If people insist on SHA-2, then add RSA/AES/SHA-1 instead, as a
third suite.

      paul

Follow-Ups:
- suites - phase 1 vs 2
  - From: Michael Richardson <mcr@sandelman.ottawa.on.ca>

References:
- Re: Last ditch proposal for crypto suites
  - From: Charlie_Kaufman@notesdev.ibm.com
- Re: Last ditch proposal for crypto suites
  - From: Alex Alten <Alten@attbi.com>

Prev by Date: Re: Last ditch proposal for crypto suites
Next by Date: Re: Last ditch proposal for crypto suites
Prev by thread: Re: Last ditch proposal for crypto suites
Next by thread: suites - phase 1 vs 2
Index(es):
- Date
- Thread