Re: Ciphersuites for IKEv2, revised

[Michael Richardson <mcr@xxxxxxxxxxxxxxxxxxxxxx>]

-----BEGIN PGP SIGNED MESSAGE-----


>>>>> "Eric" == Eric Rescorla <ekr@xxxxxxxx> writes:
    >> Maybe. But I think that having three different flavors of Suite-ID
    >> (one for IKE, one for ESP, one for AH) will be just as confusing to
    >> typical users.

    Eric> Well, there are three different flavors of suite, regardless of how
    Eric> the ID space is partitioned. I'm just saying that the two
    Eric> structures should match.

    >> What you are asking for would cause us to have to change the proposal
    >> structure given in section 5.3.1 to split out "area of coverage" from
    >> the Suite-ID.

    Eric> I want three tables and three separate sections.

  So, we have to have three different proposal structures, which are
identical, except that they negotiate the same things for the different uses?

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@xxxxxxxxxxxxxxxxxxxxxx http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Finger me for keys

iQCVAwUBPjmcWIqHRg3pndX9AQEbiAQAuGRjj+N0OhWpzoB0FqWuMFybOVpsLoBb
5YP6qObj5ZczkCECZvFvAwSxYSOURHAkD/nBwWiyxpDZKDwNrwiCn7t8Xks9oUt/
edPQ1A0zDkvTm5sjO+VyW71ujg144ZALUkpuHqkEeyMaGE1KqWYE21kMGbRRlYZL
NZ0fk5mi1Bc=
=VEtO
-----END PGP SIGNATURE-----