[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Ciphersuites for IKEv2, revised



Paul Hoffman / VPNC <paul.hoffman@xxxxxxxx> writes:

> At 10:38 AM -0800 1/30/03, Eric Rescorla wrote:
> >So, you're saying that the cipher suites for IKE
> >encryption share the same namespace with those for
> >ESP/AH?
> 
> Correct. There is only one class of Suite-ID specified in the IKEv2 -04 draft.
> 
> >That seems kind of confusing.
> 
> Maybe. But I think that having three different flavors of Suite-ID
> (one for IKE, one for ESP, one for AH) will be just as confusing to
> typical users.
Well, there are three different flavors of suite, regardless
of how the ID space is partitioned. I'm just saying that
the two structures should match.

> What you are asking for would cause us to have to change the proposal
> structure given in section 5.3.1 to split out "area of coverage" from
> the Suite-ID.
I want three tables and three separate sections.

> Is that really worth it?
I think so. 

-Ekr