Re: [Cfrg] [saag] Algorithm upgrades
On Nov 6, 2004, at 03:55, D. J. Bernstein wrote:
> I was able to incrementally switch clients from telnet to ssh, where the
> server supported both telnet and ssh. The client indicated its protocol
> selection through its choice of TCP port number.
>
> We already have many levels of protocol selection: IP protocol numbers,
> TCP port numbers, and more. Was it impossible to encode a DES-vs.-AES
> bit for IPSec into one of those numbers?

It would be remarkably bad protocol design to burn an additional
port number just to indicate an algorithm difference. And, as others
have been kind enough to describe here, better ways to incrementally
upgrade IPsec clients are already supported and work well operationally.
I really prefer the universe described by Bill Sommerfeld.
Cheers,
Ran Atkinson
rja at extremenetworks.com
_______________________________________________
Cfrg mailing list
Cfrg at ietf.org
https://www1.ietf.org/mailman/listinfo/cfrg