
Re: suites - phase 1 vs 2





>>>>> "Charlie" == Charlie Kaufman <Charlie_Kaufman@notesdev.ibm.com> writes:
    Charlie> I'm trying not to use the terms phase 1 and phase 2 algorithms
    Charlie> because phase 1 negotiates both an IKE-SA and a Child-SA (ESP
    Charlie> and/or AH and/or IPcomp).  I believe the definition of a suite
    Charlie> should include the protocol it is securing. That means we need a
    Charlie> minimum of two suites: one for IKE and one for ESP. People are

  okay. agreed.
 
    Charlie> likely to want additional suites for ESP+IPcomp, for AH, and for
    Charlie> who knows what other combinations. If suites are independent of

  I think that we have ESP suites like:

  1) 3DES/MD5  (i.e. no IPcomp)
  2) 3DES/SHA1
  3) 3DES/MD5/LZS
  4) AES/SHA1/LZS
  ...

  that is, I'm pretty sure that we want the IPcomp choice (or not) to be part
of the ESP suite, not a separate list.

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [