[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Cfrg] Re: [saag] Algorithm upgrades
On Fri, 2004-11-05 at 15:18, D. J. Bernstein wrote:
> > Can you explain how we would have handled the conversion from
> > DES to AES for IPSec in an alternate universe where all the protocols
> > worked as you desire?
>
> May I ask how the conversion worked in your universe, and exactly what
> conversion costs were avoided by the negotiation mechanism?
In our universe, we configured IPsec security gateways to accept both
AES and 3DES, then incrementally changed the preferred algorithm of the
clients.
The conversion cost avoided was the need for a "flag day" during which
all clients needed to be changed simultaneously.
- Bill
_______________________________________________
Cfrg mailing list
Cfrg at ietf.org
https://www1.ietf.org/mailman/listinfo/cfrg