Re: Crypto algorithms for IKEv2
>>>>> "VPNC" == VPNC <Paul> writes:
VPNC> At 11:27 AM -0400 4/29/03, Michael Richardson wrote:
>> Paul, I think that this is a very good way to organize things.
>> I have one additional suggestion, which you may or may not like.
>>
>> Split this document into two documents:
>> Document 1 title: Security Algorithms for IKEv2
>> sections 1, 1.3, 2.
>>
>> Document 2 title: A VPN profile for IKEv2
>> section 3, plus all MANDATORY statements from other sections.
VPNC> This is an interesting idea, but it kind of goes against what people
VPNC> had said they wanted, which was to have the MUSTs and SHOULDs with
VPNC> the algorithm specifiers.
Ah. I see.
VPNC> a) IANA can grok whatever we give them. Also, we don't want
VPNC> implementers referencing the RFC: we want them referencing the IANA
VPNC> registry. This is one of the big problems we have had with IKEv1.
Good point.
>> In the end, a customer will specify a device that is RFC-Document2 compliant
>> for their VPN use, and things will work.
VPNC> But they don't need to be able to read that RFC in order to specify it. :-)
Well, the UI Suites section is pretty much readable to end-users. The
purchasing people will spec it, but the admins will read the RFC when they
get a product which can interop, but doesn't present UI suites in the UI.
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [