
RE: Crypto algorithms for IKEv2



How about TWOFISH?

Thanks,

Jimmy



> -----Original Message-----
> From: owner-ipsec@lists.tislabs.com 
> [mailto:owner-ipsec@lists.tislabs.com] On Behalf Of Paul 
> Hoffman / VPNC
> Sent: Monday, April 28, 2003 11:12 AM
> To: ipsec@lists.tislabs.com
> Subject: Crypto algorithms for IKEv2
> 
> 
> Greetings again. At the WG meeting in San Francisco over a month ago, 
> the WG agreed that the IKEv2 document should split out the 
> cryptographic algorithms into a RFC that can be updated separately 
> from the main IKEv2 protocol RFC with which we are almost finished.
> 
> I have turned in an Internet Draft on this topic that I believe 
> matches the general feeling from the WG based on earlier 
> discussion on this mailing list and the lively face-to-face 
> discussions in San Francisco. A temporary version of the draft is at 
> <http://www.vpnc.org/ietf-ipsec/draft-hoffman-ipsec-algorithms-00-TEMP.txt>; 
> as usual, that link will disappear when the draft is officially in 
> the Internet Drafts directory.
> 
> This document is meant to be a companion to the *next* draft of 
> IKEv2. In that draft, Charlie can cleanly excise from his section 
> 3.3.2 the cryptographic tables labeled "For Transform Type 1", "For 
> Transform Type 2", "For Transform Type 3", and "For Transform Type 
> 4", leaving Transform Type 5, which is not cryptographic. He can also 
> remove the MUST, SHOULD, and MAY statements in Appendix B.
> 
> The result will be a free-standing document that the IETF can update 
> when we want to change the cryptographic requirements for IKEv2. For 
> example, there was general agreement in San Francisco that we will 
> probably be requiring AES and longer Diffie-Hellman primes in the 
> not-distant future, and that fact is reflected in the Internet Draft.
> 
> Given that we are trying to finish up IKEv2 in the near future and 
> not reopening agreed-to issues, I'm definitely interested to hear if 
> anyone thinks that the document has things that the WG didn't agree 
> to.
> 
> --Paul Hoffman, Director
> --VPN Consortium