Re: suites - phase 1 vs 2

[Charlie_Kaufman@notesdev.ibm.com]

> I'm not clear if we are going to define common suites for *both* phase 1
and
> 2 use. If we are, then I think that we should seperate the phase 1
> authentication algorithm from the phase 1 cipher/encryption
> routine. i.e. they should be negotiated seperately.
>
> There are two reasons:
>       1) proposing RSA/3DES-CBC/SHA-1 vs DSA/3DES-CBC/SHA-1 is
meaningless
>     for phase 2. They are the same thing.
>     (at least, until something like HIP comes along)
>
>       2) if we are going to reuse the suites, then what
>     does 3DES-CBC/SHA-1/LZS mean for phase 1? I'd say that
>     it is meaningless and we forbid suites that specify compression
>     from being proposed for phase 1.

I'm trying not to use the terms phase 1 and phase 2 algorithms because
phase 1 negotiates both an IKE-SA and a Child-SA (ESP and/or AH and/or
IPcomp).
I believe the definition of a suite should include the protocol it
is securing. That means we need a minimum of two suites: one of IKE and one
for ESP. People are likely to want additional suites for ESP+IPcomp, for
AH,
and for who knows what other combinations. If suites are independent of
protocol, we will end up
negotiating suite and protocol separately and face a different n*m
explosion of possibilities.

I'd like to shoot for a single MUST implement suite for each of IKE and
ESP,
and make all other algorithms and protocols optional. But I'm a wild-eyed
dreamer.

          --Charlie

Opinions expressed may not even be mine by the time you read them, and
certainly don't reflect those of any other entity (legal or otherwise).