[Hipsec] Digital Signature Algorithms
pekka.nikander@nomadiclab.com (Pekka Nikander) Wed, 13 October 2004 00:54 UTC
From: pekka.nikander@nomadiclab.com
Date: Wed, 13 Oct 2004 00:54:01 +0000
Subject: [Hipsec] Digital Signature Algorithms
In-Reply-To: <200410121858.38644.julien.laganier@sun.com>
References: <200410071521.16054.julien.laganier@sun.com> <416543F8.6040006@piuha.net> <200410121858.38644.julien.laganier@sun.com>
Message-ID: <6AA91027-1CDD-11D9-97E8-000D9331AFB0@nomadiclab.com>
X-Date: Wed Oct 13 00:54:01 2004
> So how does people feel about making both DSA and RSA mandatory in > HIP? I don't have any strong opinions. IIRC, the usual IETF crypto guidelines state that a) there must be at least one common MUST implement algorithm that is considered secure enough b) the algorithms must be negotiable so that if the currently MUST implement turns out to be insecure, the implementations can be easily upgraded to use some other, new MUST implement algorithm Anyone care to check what the guidelines and other documents actually say? draft-ietf-ipsec-ikev2-algorithms-05.txt draft-iab-auth-mech-03.txt crypto forum? From a robustness point of view, it would of course good to have multiple MUST implement algorithms. OTOH, I think that there should also be some guidelines how to use them so that the chances of interoperability are maintained even in the case that one of the hosts only supports one algorithm, e.g., due to policy reasons. Maybe we could have DSA as MUST and RSA as SHOULD? --Pekka
- [Hipsec] Digital Signature Algorithms Julien Laganier
- [Hipsec] Digital Signature Algorithms Jari Arkko
- [Hipsec] Digital Signature Algorithms Julien Laganier
- [Hipsec] Digital Signature Algorithms Pekka Nikander
- [Hipsec] Digital Signature Algorithms Julien Laganier
- [Hipsec] Digital Signature Algorithms Jari Arkko
- [Hipsec] Digital Signature Algorithms Julien Laganier
- [Hipsec] Digital Signature Algorithms Petri Jokela
- [Hipsec] Digital Signature Algorithms Pekka Nikander
- [Hipsec] Digital Signature Algorithms Ahrenholz, Jeffrey M
- [Hipsec] Digital Signature Algorithms Jari Arkko
- [Hipsec] Digital Signature Algorithms Julien Laganier
- [Hipsec] Digital Signature Algorithms Miika Komu
- [Hipsec] Digital Signature Algorithms Jari Arkko
- [Hipsec] Digital Signature Algorithms Andrew McGregor
- [Hipsec] Digital Signature Algorithms Henderson, Thomas R
- [Hipsec] Digital Signature Algorithms Pekka Nikander
- [Hipsec] Digital Signature Algorithms Miika Komu
- Difficulty of off-the-shelf R1s (Was: Re: [Hipsec… Jari Arkko
- Difficulty of off-the-shelf R1s (Was: Re: [Hipsec… Miika Komu
- [Hipsec] Digital Signature Algorithms Henderson, Thomas R
- [Hipsec] Digital Signature Algorithms Henderson, Thomas R
- [Hipsec] Digital Signature Algorithms Pekka Nikander
- [Hipsec] Digital Signature Algorithms Henderson, Thomas R
- [Hipsec] Encryption Transform (Was: Digital Signa… Julien Laganier
- [Hipsec] Encryption Transform (Was: Digital Signa… Jari Arkko
- [Hipsec] Encryption Transform (Was: Digital Signa… Pekka Nikander