[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: suites vs. a la carte and IPcomp in IKEv2-05

To: Paul Koning <pkoning@equallogic.com>
Subject: Re: suites vs. a la carte and IPcomp in IKEv2-05
From: Eric Rescorla <ekr@rtfm.com>
Date: 10 Mar 2003 15:27:29 -0800
Cc: derek@ihtfp.com, dharkins@tibernian.com, Charlie_Kaufman@notesdev.ibm.com, ipsec@lists.tislabs.com
In-Reply-To: <15981.7487.502193.596127@pkoning.dev.equallogic.com>
References: <200303061917.h26JH1ma000279@fatty.lounge.org><sjmsmtv9gzb.fsf@kikki.mit.edu><15980.64456.752003.222139@pkoning.dev.equallogic.com><kjptoy4xyz.fsf@romeo.rtfm.com><15981.7487.502193.596127@pkoning.dev.equallogic.com>
Reply-To: EKR <ekr@rtfm.com>
Sender: owner-ipsec@lists.tislabs.com
User-Agent: Gnus/5.0808 (Gnus v5.8.8) XEmacs/21.1 (Cuyahoga Valley)

Paul Koning <pkoning@equallogic.com> writes:

> >>>>> "Eric" == Eric Rescorla <ekr@rtfm.com> writes:
> 
>  Eric> Paul Koning <pkoning@equallogic.com> writes:
>  >> I wonder: is this still a real issue today?  It would be good not
>  >> to add messes to the protocol to support strange hardware
>  >> architectures that are long obsolete.  Certainly this issue
>  >> doesn't appear in any hardware I have ever seen.  (Come to think
>  >> of it, if I saw this when doing device selection, I'd be very
>  >> tempted to exclude such a device.)
> 
>  Eric> It's generally not an issue of individual pieces of hardware
>  Eric> but of what happens when you have an implementation based on
>  Eric> multiple CSP-like modules.
> 
>  Eric> Say, for the sake of argument that you have a piece of hardware
>  Eric> that processes single IPsec records and supports 3DES and SHA.
>  Eric> You then add another CSP that supports AES and MD5. You can't
>  Eric> necessarily mix and match here, so you need to provide
>  Eric> profiles.
> 
> Sure, you can suppose such things, but are they real? That's my
> point.  I can't think of real hardware that matches your supposition.
What, you can't think of real hardware that doesn't support AES?
How about the HiFn 7811?
    
-Ekr

-- 
[Eric Rescorla                                   ekr@rtfm.com]
                http://www.rtfm.com/

Follow-Ups:
- Re: suites vs. a la carte and IPcomp in IKEv2-05
  - From: Paul Koning <pkoning@equallogic.com>

References:
- Re: suites vs. a la carte and IPcomp in IKEv2-05
  - From: Dan Harkins <dharkins@tibernian.com>
- Re: suites vs. a la carte and IPcomp in IKEv2-05
  - From: Derek Atkins <derek@ihtfp.com>
- Re: suites vs. a la carte and IPcomp in IKEv2-05
  - From: Paul Koning <pkoning@equallogic.com>
- Re: suites vs. a la carte and IPcomp in IKEv2-05
  - From: Eric Rescorla <ekr@rtfm.com>
- Re: suites vs. a la carte and IPcomp in IKEv2-05
  - From: Paul Koning <pkoning@equallogic.com>

Prev by Date: Re: suites vs. a la carte and IPcomp in IKEv2-05
Next by Date: Re: suites vs. a la carte and IPcomp in IKEv2-05
Prev by thread: Re: suites vs. a la carte and IPcomp in IKEv2-05
Next by thread: Re: suites vs. a la carte and IPcomp in IKEv2-05
Index(es):
- Date
- Thread