Re: Suites vs a-la-carte
I violently agree with you, except for one small bit...
> And for the IPsec SA there would be:
>
> 1) encryption algorithm for the ESP
> - 3DES, AES, NULL
> 2) authentication algorithm for the ESP
> - no auth, MD5, SHA
> 3) authentication algorithm for the AH
> - no AH, MD5, SHA
> 4) IPComp algorithm
> - Deflate, LZS?, OUI?
> 5) Diffie-Hellman group for PFS (if we do support PFS)
> - group 2, group 5, ec-groups?, bigger (2048, 3072, 4096, 6144,
> 8192 bit) groups
> 6) Tunnel / transport / UDP-tunnel / UDP-transport
> - Tunnel mode / transport mode and NAT-T UDP encapsulations
> 7) Use of extended sequence numbers
> - on/off
> 8) ECN
You forgot (or maybe it's implicit?):
9) Key size for algorithm(s).
I already support all three sizes of AES, and plan on letting people exploit
them.
Dan