
suites - phase 1 vs 2



Charlie, 

I'm not clear if we are going to define common suites for *both* phase 1 and
2 use. If we are, then I think that we should separate the phase 1
authentication algorithm from the phase 1 cipher/encryption
routine, i.e. they should be negotiated separately.

There are two reasons:
      1) proposing RSA/3DES-CBC/SHA-1 vs DSA/3DES-CBC/SHA-1 is meaningless
	 for phase 2. They are the same thing.
	 (at least, until something like HIP comes along)

      2) if we are going to reuse the suites, then what
	 does 3DES-CBC/SHA-1/LZS mean for phase 1? I'd say that
	 it is meaningless and we forbid suites that specify compression
	 from being proposed for phase 1.

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
