RE: Ciphersuites for IKEv2

To: howard.c.herbert@intel.com
Subject: RE: Ciphersuites for IKEv2
From: Paul Koning <pkoning@equallogic.com>
Date: Tue, 28 Jan 2003 11:14:27 -0500
Cc: ipsec@lists.tislabs.com, Black_David@emc.com, ips@ece.cmu.edu
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=us-ascii
References: <5AE0592A6AF6494F80CE87370A723B1F2344A3@azsmsx401.ch.intel.com>
Sender: owner-ips@ece.cmu.edu

>>>>> "Howard" == Howard C Herbert <Herbert> writes:

 Howard> Per the admonition in David's email below, I would like to
 Howard> request that in addition to the following cipher suites
 Howard> already on the list:

 Howard> AES-CBC + HMAC-SHA-1 AES-CTR + AES-CBC MAC w/XCBC

 Howard> that the following additional cipher suites be added:

 Howard> AES-CBC + AES-CBC-MAC w/XCBC AES-CTR + HMAC-SHA-1

 Howard> As noted above, these algorithms will already exist in an
 Howard> implementation.  Not being able to use them in the added
 Howard> combinations simply because we do not have a ciphersuite
 Howard> defined for them seems like a real easy thing to fix at this
 Howard> point.

The whole point of cipher suites is NOT to expose the O(2^n)
combinations.  

There may be valid reasons to add suites, but "the components already
exist" surely is not a valid reason.

       paul

References:
- RE: Ciphersuites for IKEv2
  - From: "Herbert, Howard C" <howard.c.herbert@intel.com>

Prev by Date: Re: iSCSI: keys/parameter dependence
Next by Date: Re: iSCSI: keys/parameter dependence
Prev by thread: RE: Ciphersuites for IKEv2
Next by thread: More iSNS changes coming
Index(es):
- Date
- Thread

Home

Last updated: Tue Jan 28 15:19:04 2003
12266 messages in chronological order