[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Last ditch proposal for crypto suites
>>>>> "Alex" == Alex Alten <Alten@attbi.com> writes:
Alex> At 05:58 PM 8/29/2002 -0400, Charlie_Kaufman@notesdev.ibm.com
Alex> wrote:
>> I propose that we remove the text for a la carte negotiation from
>> the IKEv2 spec,
Alex> ...
Alex> We only need to spec two MUST have suites. RSA/3DES-CBC/SHA-1
Alex> and RSA/AES-CTR-128/SHA-2. Forget the rest, they are going
Alex> into the dustbin of history. Details like PFS, HMAC should be
Alex> the same across the suites.
I almost agree, except I'd make the second SHA-1 since SHA-2 is so
new. If people insist on SHA-2, then add RSA/AES/SHA-1 instead, as a
third suite.
paul