IETF Logo Mail Archive

RE: Crypto algorithms for IKEv2

"Jimmy Zhang" <jzhang@elmic.com> Tue, 29 April 2003 02:10 UTC

Received: from lists.tislabs.com (portal.gw.tislabs.com [192.94.214.101]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id WAA22218 for <ipsec-archive@lists.ietf.org>; Mon, 28 Apr 2003 22:10:31 -0400 (EDT)
Received: by lists.tislabs.com (8.9.1/8.9.1) id UAA02349 Mon, 28 Apr 2003 20:05:07 -0400 (EDT)
Reply-To: jzhang@elmic.com
From: Jimmy Zhang <jzhang@elmic.com>
To: 'Paul Hoffman / VPNC' <paul.hoffman@vpnc.org>, ipsec@lists.tislabs.com
Subject: RE: Crypto algorithms for IKEv2
Date: Mon, 28 Apr 2003 17:09:03 -0700
Message-ID: <000001c30de3$902b4d00$0300a8c0@riverside>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2627
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Importance: Normal
In-Reply-To: <p0521060cbad316b2792a@[63.202.92.152]>
X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam.
Sender: owner-ipsec@lists.tislabs.com
Precedence: bulk
Content-Transfer-Encoding: 7bit

How about TWOFISH ?

Thanks,

Jimmy



> -----Original Message-----
> From: owner-ipsec@lists.tislabs.com 
> [mailto:owner-ipsec@lists.tislabs.com] On Behalf Of Paul 
> Hoffman / VPNC
> Sent: Monday, April 28, 2003 11:12 AM
> To: ipsec@lists.tislabs.com
> Subject: Crypto algorithms for IKEv2
> 
> 
> Greetings again. At the WG meeting in San Francisco over a month ago, 
> the WG agreed that the IKEv2 document should split out the 
> cryptographic algorithms into a RFC that can be updated separately 
> from the main IKEv2 protocol RFC with which we are almost finished.
> 
> I have turned in an Internet Draft on this topic that matches what I 
> believe matches the general feeling from the WG based on earlier 
> discussion on this mailing list and the lively face-to-face 
> discussions in San Francisco. A temporary version of the draft is at 
> <http://www.vpnc.org/ietf-ipsec/draft-hoffman-ipsec-algorithms
-00-TEMP.txt>; 
as usual, that link will disappear when the draft is officially in 
the Internet Drafts directory.

This document is meant to be a companion to the *next* draft of 
IKEv2. In that draft, Charlie can cleanly excise from his section 
3.3.2 the cryptographic tables labeled "For Transform Type 1", "For 
Transform Type 2", "For Transform Type 3", and "For Transform Type 
4", leaving Transform Type 5, which is not cryptographic. He can also 
remove the MUST, SHOULD, and MAY statements in Appendix B.

The result will be a free-standing document that the IETF can update 
when we want to change the cryptographic requirements for IKEv2. For 
example, there was general agreement in San Francisco that we will 
probably be requiring AES and longer Diffie-Hellman primes in the 
not-distant future, and that fact is reflected in the Internet Draft.

Given that we are trying to finish up IKEv2 in the near future and 
not reopening agreed-to issues, I'm definitely interested to hear if 
anyone thinks that the document has things that the WG didn't agree 
to.

--Paul Hoffman, Director
--VPN Consortium

v2.23.0 | Report a Bug | By Email