Re: [Ipsec] AES Algorithm Negotiation in IKE
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Ipsec] AES Algorithm Negotiation in IKE
>>>>> "Yoav" == Yoav Nir <ynir at netvision.net.il> writes:
Yoav> IMO the keylength attribute is well-specified, at least in the
Yoav> IKEv2 document. If there are going to be interoperability
Yoav> issues then it means that somebody is not implementing it
Yoav> correctly.
Yoav> I would go with option #1.
I agree.
Implementing little protocol details like the key length element isn't
rocket science. I don't see any good reason to hack up the spec to
accommodate buggy implementations. For one thing, there's no reason
to believe it will help. What's there now is the right approach.
Similarly, ICV length for the combined algorithms should be another
parameter just like the key length -- not encoded in the algorithm
ID.
paul
_______________________________________________
Ipsec mailing list
Ipsec at ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec
Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.
