[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Last ditch proposal for crypto suites

To: "Hallam-Baker, Phillip" <pbaker@verisign.com>, Alex Alten <Alten@attbi.com>, Charlie_Kaufman@notesdev.ibm.com, ipsec@lists.tislabs.com
Subject: RE: Last ditch proposal for crypto suites
From: Scott Fluhrer <sfluhrer@cisco.com>
Date: Fri, 30 Aug 2002 10:22:09 -0700
In-Reply-To: <2F3EC696EAEED311BB2D009027C3F4F40DF2DCA2@vhqpostal.verisign.com>
Sender: owner-ipsec@lists.tislabs.com

At 06:45 AM 8/30/02 , Hallam-Baker, Phillip wrote:
>Actually following on from Radia's point I think we would have three suites:
>
>1: RSA/3DES-CBC/SHA-1 
>2: RSA/AES-CTR-128/SHA-2
>3: RSA/AES-CTR-256/SHA-2

One problem with mandating AES counter mode is that there's been quite a bit
of hardware development that assumed the AES CBC mode draft.  Some of it can
be changed to use counter mode without too much pain and effort, but some of
it can't.  If these are MUST suites, this means that those implementations
cannot do IKEv2 efficiently, not because they cannot do the IKEv2 protocol
itself, but because they cannot do the negotiated IPSec transforms.  I would
suggest that this is not in the IETF's best interest to impose such
limitations.

-- 
scott

Follow-Ups:
- RE: Last ditch proposal for crypto suites
  - From: Alex Alten <Alten@attbi.com>

References:
- RE: Last ditch proposal for crypto suites
  - From: "Hallam-Baker, Phillip" <pbaker@verisign.com>

Prev by Date: RE: Last ditch proposal for crypto suites
Next by Date: Re: Last ditch proposal for crypto suites
Prev by thread: RE: Last ditch proposal for crypto suites
Next by thread: RE: Last ditch proposal for crypto suites
Index(es):
- Date
- Thread