Re: [Cfrg] Re: [saag] Algorithm upgrades

["Hughes, James P" <HugheJP at LOUISVILLE.STORTEK.COM>]

I agree. My company loves these "policy knobs". Without this kind of
negotiation in the standard, vendors will do it themselves in an
incompatible proprietary way making the standard less valuable. 


-----Original Message-----
From: saag-bounces at mit.edu <saag-bounces at mit.edu>
To: D. J. Bernstein <djb at cr.yp.to>
CC: cfrg at ietf.org <cfrg at ietf.org>; saag at mit.edu <saag at mit.edu>
Sent: Fri Nov 05 14:54:20 2004
Subject: Re: [Cfrg] Re: [saag] Algorithm upgrades

On Fri, 2004-11-05 at 15:18, D. J. Bernstein wrote:
> > Can you explain how we would have handled the conversion from
> > DES to AES for IPSec in an alternate universe where all the protocols
> > worked as you desire?
> 
> May I ask how the conversion worked in your universe, and exactly what
> conversion costs were avoided by the negotiation mechanism?

In our universe, we configured IPsec security gateways to accept both
AES and 3DES, then incrementally changed the preferred algorithm of the
clients. 

The conversion cost avoided was the need for a "flag day" during which
all clients needed to be changed simultaneously.

						- Bill

_______________________________________________
saag mailing list
saag at mit.edu
https://jis.mit.edu/mailman/listinfo/saag

_______________________________________________
Cfrg mailing list
Cfrg at ietf.org
https://www1.ietf.org/mailman/listinfo/cfrg