[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Suites vs a-la-carte
>I've gotten some feedback from the DoD community that they would like to be
>able to use commercial IPsec products in appropriate contexts, but that
>they need to be able to configure their own DH groups. If we mandate
>user-configurable algorithms/suites in IKEv2, then these folks, and maybe
>others, will be able to buy these products and use them in
>environments where the mandatory-to-implement suites do not suffice.
Yes, that was also part of my rationale. I wrote about this back in the
"last ditch proposal for ciphersuites" thread, but I went into less detail
this time. The way our products worked is that you could select a
ciphersuite from a droplist, but the information in the droplist was taken
from a ciphersuite definition file. This meant that you could customize the
ciphersuites for a specific customer without adding lots of confusing
options to the GUI.
Andrew
--------------------------------------
The odd thing about fairness is when
we strive so hard to be equitable
that we forget to be correct.
_________________________________________________________________
Add photos to your messages with MSN 8. Get 2 months FREE*.
http://join.msn.com/?page=features/featuredemail