[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: suites - phase 1 vs 2

To: Michael Richardson <mcr@sandelman.ottawa.on.ca>
Subject: Re: suites - phase 1 vs 2
From: Dan McDonald <danmcd@east.sun.com>
Date: Tue, 3 Sep 2002 12:18:36 -0400 (EDT)
CC: ipsec@lists.tislabs.com
In-Reply-To: <200209021447.g82ElNHt031251@marajade.sandelman.ottawa.on.ca> fromMichael Richardson at "Sep 2, 2002 10:47:21 am"
Organization: Sun Microsystems, Inc. - Solaris Internet Engineering
Sender: owner-ipsec@lists.tislabs.com

>   I think that we have ESP suites like:
> 
>   1) 3DES/MD5  (i.e. no IPcomp)
>   2) 3DES/SHA1
>   3) 3DES/MD5/LZS
>   4) AES/SHA1/LZS
>   ...
> 
>   that is, I'm pretty sure that we want the IPcomp choice (or not) to be part
> of the ESP suite, not a seperate list.

You either need to also include AH (whether it's there or not), OR you need
to treat AH, ESP, and IPcomp as separate protocols.  You can't just include
subsets.  You need to either treat the whole problem, or decompose the
problem completely.

Dan

Follow-Ups:
- Re: suites - phase 1 vs 2
  - From: Michael Richardson <mcr@sandelman.ottawa.on.ca>

References:
- Re: suites - phase 1 vs 2
  - From: Michael Richardson <mcr@sandelman.ottawa.on.ca>

Prev by Date: Re: IPSec v6 on linux
Next by Date: RE: Last ditch proposal for crypto suites
Prev by thread: Re: suites - phase 1 vs 2
Next by thread: Re: suites - phase 1 vs 2
Index(es):
- Date
- Thread