[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Ipsec] draft-solinas-ui-suites-00.txt

If that were true, than VPN-A and VPN-B would be called VPN-3DES and VPN-AES.

These names are not for the "community", they're for people who buy and install VPN devices. I think only a small fraction of these has ever heard of Suite B.

On Dec 17, 2006, at 6:59 PM, Paul Hoffman wrote:

At 10:32 AM +0200 12/17/06, Yoav Nir wrote:
I think that in RFC 4308 they intentionally used names that do not name specific algorithms. This is for having a uniform name across VPN devices and to allow users with no background in cryptography (and those who don't read the IPsec list) to configure VPN devices without confusing terms. That's why the names defined there are VPN-A and VPN-B.

I suggest that "Suite-B-GCM-128" goes against that. I think better names would be VPN-C, VPN-D etc.

I disagree here. The names are not important as long as there is no obvious clash. As the draft shows, the name "Suite B" is already in widespread use within the community of interest, as well as with IPsec vendors who want to participate in that community in the future.

If it's really important to include the SuiteB name, I'd still go with SuiteB-1, SuiteB-2 etc.

I disagree again. It is up to the community to decide how much or little specificity should be included in the names. When we came up with VPN-A and VPN-B, that's what the general IPsec population of the time wanted, although we could have chosen VPN-TripleDES and VPN-AES12 or somesuch.

--Paul Hoffman, Director
--VPN Consortium

Ipsec mailing list