
Re: Suites vs a-la-carte



I violently agree with you, except for one small bit...

> And for the IPsec SA there would be:
> 
> 1) encryption algorithm for the ESP
>    - 3DES, AES, NULL
> 2) authentication algorithm for the ESP
>    - no auth, MD5, SHA
> 3) authentication algorithm for the AH
>    - no AH, MD5, SHA
> 4) IPComp algorithm
>    - Deflate, LZS?, OUI?
> 5) Diffie-Hellman group for PFS (if we do support PFS)
>    - group 2, group 5, ec-groups?, bigger (2048, 3072, 4096, 6144,
>    8192 bit) groups
> 6) Tunnel / transport / UDP-tunnel / UDP-transport
>    - Tunnel mode / transport mode and NAT-T udp encapsulations
> 7) Use of extended sequence numbers
>    - on/off
> 8) ECN

You forgot (or maybe it's implicit?):

  9) Key size for algorithm(s).

I already support all three sizes of AES, and plan on letting people exploit
them.

Dan