Re: [Ipsec] draft-solinas-ui-suites-00.txt

Yoav Nir <ynir@checkpoint.com> Mon, 18 December 2006 08:26 UTC

From: Yoav Nir <ynir@checkpoint.com>
Subject: Re: [Ipsec] draft-solinas-ui-suites-00.txt
Date: Mon, 18 Dec 2006 10:25:54 +0200
To: Paul Hoffman <paul.hoffman@vpnc.org>
Cc: ipsec@ietf.org

If that were true, then VPN-A and VPN-B would be called VPN-3DES and
VPN-AES.

These names are not for the "community", they're for people who buy  
and install VPN devices. I think only a small fraction of these has  
ever heard of Suite B.

On Dec 17, 2006, at 6:59 PM, Paul Hoffman wrote:

> At 10:32 AM +0200 12/17/06, Yoav Nir wrote:
>> I think that in RFC 4308 they intentionally used names that do not  
>> name specific algorithms. This is for having a uniform name across  
>> VPN devices and to allow users with no background in cryptography  
>> (and those who don't read the IPsec list) to configure VPN devices  
>> without confusing terms.  That's why the names defined there are  
>> VPN-A and VPN-B.
>>
>> I suggest that "Suite-B-GCM-128" goes against that.  I think  
>> better names would be VPN-C, VPN-D etc.
>
> I disagree here. The names are not important as long as there is no  
> obvious clash. As the draft shows, the name "Suite B" is already in  
> widespread use within the community of interest, as well as with  
> IPsec vendors who want to participate in that community in the future.
>
>> If it's really important to include the SuiteB name, I'd still go  
>> with SuiteB-1, SuiteB-2 etc.
>
> I disagree again. It is up to the community to decide how much or  
> little specificity should be included in the names. When we came up  
> with VPN-A and VPN-B, that's what the general IPsec population of  
> the time wanted, although we could have chosen VPN-TripleDES and  
> VPN-AES12 or somesuch.
>
> --Paul Hoffman, Director
> --VPN Consortium
>

