RE: Last ditch proposal for crypto suites

"Andrew Krywaniuk" <andrew.krywaniuk@alcatel.com> Thu, 29 August 2002 18:11 UTC

Received: from lists.tislabs.com (portal.gw.tislabs.com [192.94.214.101]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g7TIB4200100; Thu, 29 Aug 2002 11:11:04 -0700 (PDT)
Received: by lists.tislabs.com (8.9.1/8.9.1) id NAA13534 Thu, 29 Aug 2002 13:15:56 -0400 (EDT)
Date: Thu, 29 Aug 2002 13:13:16 -0400
Message-ID: <000a01c24f7f$5f4d2f50$1e72788a@ca.alcatel.com>
From: Andrew Krywaniuk <andrew.krywaniuk@alcatel.com>
Reply-To: andrew.krywaniuk@alcatel.com
To: 'Charlie Kaufman' <Charlie_Kaufman@notesdev.ibm.com>, 'list' <ipsec@lists.tislabs.com>
Subject: RE: Last ditch proposal for crypto suites
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Importance: Normal
In-Reply-To: <OF710D18BE.04BE38CA-ON85256C24.000F505D-85256C24.001239FC@iris.com>
Sender: owner-ipsec@lists.tislabs.com
Precedence: bulk

It was my experience with IKEv1 that the crypto algorithm negotiation was
accomplished by many people with very few errors. This, despite the fact
that the naming and organization of the payloads is rather confusing. (Why
is an SA a list of proposals rather than a proposal being a list of SAs or
[better] a proposal-list being a list of bundles? Why is there two levels of
indirection with the proposal+transform when there could have been only
one?)

I should also point out that 4 of the 9 pages are taken up with DOI-style
lists, such as the following:

  For Transform Type 1 (Encryption Algorithm), defined Transform-IDs
   are:

          Name                     Number           Defined In
          RESERVED                    0
          ENCR_DES_IV64               1              (RFC1827)
          ENCR_DES                    2              (RFC2405)
          ENCR_3DES                   3              (RFC2451)
          ENCR_RC5                    4              (RFC2451)
          ENCR_IDEA                   5              (RFC2451)
          ENCR_CAST                   6              (RFC2451)
          ENCR_BLOWFISH               7              (RFC2451)
          ENCR_3IDEA                  8              (RFC2451)
          ENCR_DES_IV32               9
          ENCR_RC4                   10
          ENCR_NULL                  11              (RFC2410)
          ENCR_AES_128               12

          values 12-240 are reserved to IANA. Values 241-255 are for
          private use among mutually consenting parties.

Does that give you a headache?

Andrew
-------------------------------------------
There are no rules, only regulations. Luckily,
history has shown that with time, hard work,
and lots of love, anyone can be a technocrat.