[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [IPSECKEY] Generic algorithm test
>>>>> "Sam" == Sam Weiler <weiler@watson.org> writes:
Sam> I've been having second thoughts about the wisdom of inheriting from
Sam> the DNS Algorithm registry. Are all of the defined alogirthm types
Sam> appropriate for IPSECKEY use? Is it likely that future ones will be?
If there are future public key algorithms defined, they would be appropriate.
Sam> Remember that DNSSEC algorithms specify a hash, too, which is why
Sam> RSA/MD5 and RSA/SHA1 have different algorithm values even though the
Yes, as does IKE, for the same reason.
If we do not want to use DNSSEC values, then we can use IKE values:
http://www.iana.org/assignments/ipsec-registry
It doesn't matter to me.
Or we can create a new space.
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-
This is the IPSECKEY@sandelman.ca list.
Email to ipseckey-request@sandelman.ca to be removed.