[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Suites vs a-la-carte



At 6:05 PM -0500 11/13/02, Andrew Krywaniuk wrote:
>  > Sure we can; we just can't agree to the limited number of numbers
>>  that we would encode.
>
>I agree with this. One of the reasons I have endorsed GUI suites all along
>is that I felt we would be much more likely to get consensus on the base
>suites if it were easy to create your own private suites.
>

Andrew,

I have to come to think that this is also a critical feature going 
forward, if we adopt suites i.e., we need to require implementations 
to be "easily configurable" re private suites. I would go a step 
further, however, and say that I don't just want the suites to be 
vendor-specific, but also user community-specific.  I've gotten some 
feedback from the DoD community that they would like to be able to 
use commercial IPsec products in appropriate contexts, but that they 
need to be able to configure their own DH groups.  If we mandate 
user-configurable algorithms/suites in IKEv2, then these folks, and 
maybe others, will be able to buy these products and use them in 
environments where the mandatory-to-implement suites do not suffice.

Steve