[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Suites vs a-la-carte

To: kent@bbn.com
Subject: RE: Suites vs a-la-carte
From: "Andrew Krywaniuk" <askrywan@hotmail.com>
Date: Mon, 18 Nov 2002 19:36:49 -0500
Cc: ipsec@lists.tislabs.com
Sender: owner-ipsec@lists.tislabs.com

>I've gotten some feedback from the DoD community that they would like to be 
>able to use commercial IPsec products in appropriate contexts, but that 
>they need to be able to configure their own DH groups.  If we mandate 
>user-configurable algorithms/suites in IKEv2, then these folks, and maybe 
>others, will be able to buy these products and use them in
>environments where the mandatory-to-implement suites do not suffice.

Yes, that was also part of my rationale. I wrote about this back in the 
"last ditch proposal for ciphersuites" thread, but I went into less detail 
this time. The way our products worked is that you could select a 
ciphersuite from a droplist, but the information in the droplist was taken 
from a ciphersuite definition file. This meant that you could customize the 
ciphersuites for a specific customer without adding lots of confusing 
options to the GUI.

Andrew
--------------------------------------
The odd thing about fairness is when
we strive so hard to be equitable
that we forget to be correct.


_________________________________________________________________
Add photos to your messages with MSN 8. Get 2 months FREE*. 
http://join.msn.com/?page=features/featuredemail

Prev by Date: Inputs to PKI profile
Next by Date: RE: Counter Mode Security: Analysis and Recommendations
Prev by thread: RE: Suites vs a-la-carte
Next by thread: RE: I-D ACTION:draft-ietf-ipsec-sctp-04.txt
Index(es):
- Date
- Thread