Re: [Cfrg] Re: [saag] Algorithm upgrades

["D. J. Bernstein" <djb at cr.yp.to>]

> In our universe, we configured IPsec security gateways to accept both
> AES and 3DES, then incrementally changed the preferred algorithm of the
> clients. 

I was able to incrementally switch clients from telnet to ssh, where the
server supported both telnet and ssh. The client indicated its protocol
selection through its choice of TCP port number.

We already have many levels of protocol selection: IP protocol numbers,
TCP port numbers, and more. Was it impossible to encode a DES-vs.-AES
bit for IPSec into one of those numbers?

---D. J. Bernstein, Associate Professor, Department of Mathematics,
Statistics, and Computer Science, University of Illinois at Chicago

_______________________________________________
Cfrg mailing list
Cfrg at ietf.org
https://www1.ietf.org/mailman/listinfo/cfrg