[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [IPSECKEY] Generic algorithm test




>>>>> "Sam" == Sam Weiler <weiler@watson.org> writes:
    Sam> I've been having second thoughts about the wisdom of inheriting from
    Sam> the DNS Algorithm registry.  Are all of the defined alogirthm types
    Sam> appropriate for IPSECKEY use?  Is it likely that future ones will be?

  If there are future public key algorithms defined, they would be appropriate.
  
    Sam> Remember that DNSSEC algorithms specify a hash, too, which is why
    Sam> RSA/MD5 and RSA/SHA1 have different algorithm values even though the

  Yes, as does IKE, for the same reason.
  If we do not want to use DNSSEC values, then we can use IKE values:

http://www.iana.org/assignments/ipsec-registry

  It doesn't matter to me.
  Or we can create a new space.

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-
This is the IPSECKEY@sandelman.ca list.
Email to ipseckey-request@sandelman.ca to be removed.