Re: Crypto algorithms for IKEv2



>>>>> "VPNC" == VPNC  <Paul> writes:
    VPNC> At 11:27 AM -0400 4/29/03, Michael Richardson wrote:
    >> Paul, I think that this is a very good way to organize things. 
    >> I have one additional suggestion, which you may or may not like.
    >> 
    >> Split this document into two documents:
    >> Document 1 title: Security Algorithms for IKEv2
    >> sections 1, 1.3, 2.
    >> 
    >> Document 2 title: A VPN profile for IKEv2
    >> section 3, plus all MANDATORY statements from other sections.

    VPNC> This is an interesting idea, but it kind of goes against what people 
    VPNC> had said they wanted, which was to have the MUSTs and SHOULDs with 
    VPNC> the algorithm specifiers.

  Ah. I see.

    VPNC> a) IANA can grok whatever we give them. Also, we don't want 
    VPNC> implementers referencing the RFC: we want them referencing the IANA 
    VPNC> registry. This is one of the big problems we have had with IKEv1.

  Good point.

    >> In the end, a customer will specify a device that is RFC-Document2 compliant
    >> for their VPN use, and things will work.

    VPNC> But they don't need to be able to read that RFC in order to specify it. :-)

  Well, the UI Suites section is pretty much readable to end-users. The
purchasing people will spec it, but the admins will read the RFC when they
get a product which can interop, but doesn't present UI suites in the UI.

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
