
Re: suites vs. a la carte and IPcomp in IKEv2-05



Paul Koning <pkoning@equallogic.com> writes:
> I wonder: is this still a real issue today?   It would be good not to
> add messes to the protocol to support strange hardware architectures
> that are long obsolete.  Certainly this issue doesn't appear in any
> hardware I have ever seen.  (Come to think of it, if I saw this when
> doing device selection, I'd be very tempted to exclude such a device.)

It's generally not an issue of individual pieces of hardware but
of what happens when you have an implementation based on
multiple CSP-like modules.

Say, for the sake of argument, that you have a piece of hardware
that processes single IPsec records and supports 3DES and SHA.
You then add another CSP that supports AES and MD5. You can't
necessarily mix and match here, so you need to provide profiles.

-Ekr

-- 
[Eric Rescorla                                   ekr@rtfm.com]
                http://www.rtfm.com/
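
The mix-and-match problem described in the message above, as an added example that is not part of the original post. The module names and the inventory layout are hypothetical; the algorithms are the ones named in the message, and each module is assumed to process a whole record, so cipher and hash must come from the same module.

```python
from itertools import product

# Constructed inventory: module names are hypothetical, algorithms are
# the ones from the message.
MODULES = {
    "hw_accel": {"enc": {"3DES"}, "integ": {"SHA"}},
    "added_csp": {"enc": {"AES"}, "integ": {"MD5"}},
}

def a_la_carte_offer(modules):
    """Independent per-transform lists, as an a la carte proposal advertises."""
    enc = sorted(set().union(*(m["enc"] for m in modules.values())))
    integ = sorted(set().union(*(m["integ"] for m in modules.values())))
    return enc, integ

def supporting_module(modules, enc, integ):
    """Name of a module that handles both transforms itself, or None."""
    for name, m in sorted(modules.items()):
        if enc in m["enc"] and integ in m["integ"]:
            return name
    return None

def unusable_pairs(modules):
    """Pairs a peer may pick from the a la carte offer that no module can do."""
    enc, integ = a_la_carte_offer(modules)
    return [(e, i) for e, i in product(enc, integ)
            if supporting_module(modules, e, i) is None]

def suites(modules):
    """Profiles: only the pairs that a single module can process."""
    pairs = set()
    for m in modules.values():
        pairs.update(product(m["enc"], m["integ"]))
    return sorted(pairs)

if __name__ == "__main__":
    print("a la carte offer:", a_la_carte_offer(MODULES))
    print("selectable but unusable:", unusable_pairs(MODULES))
    print("suites to offer instead:", suites(MODULES))
```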