Re: Last ditch proposal for crypto suites

["Scott G. Kelly" <scott@bstormnetworks.com>]

"Hallam-Baker, Phillip" wrote:
> 
> > I think the original argument against suites came from observing how
> > many SSL had.
> 
> I think that that was largely the result of TLS being specified at a time
> when RSA was still encumbered and bona-fide MAC functions had not been
> developed.
> 
> We are talking about 3 MUST suites and 2 MAY suites maximum. IKE1 had 9
> encryption ciphers alone.

I'm not sure how (or if) we actually arrived this conclusion, and I
don't see how we can possibly make this work with just 3 suites. For
example, I know the pk vendors would like to see nothing but RSA-based
authentication mandated, but until the market fully embraces public key
technology, we must have preshared key support.

Whether we choose suites, a la carte, or both, there will be practical
reasons for supporting multiple authentication, encryption, and
integrity mechanisms. Choosing suites doesn't, in and of itself,
automagically reduce the number of algorithmic combinations we will
provide support for; it simply reduces the number of ways in which each
combination can be expressed, and thereby significantly simplifies the
protocol.

I should make clear that I agree with the general notion that we should
try to reasonably limit the number of suites which are IANA-defined.
However, we must be realistic and pragmatic.

Scott