Crypto algorithms for IKEv2
Paul Hoffman / VPNC <paul.hoffman@vpnc.org> Mon, 28 April 2003 22:43 UTC
Received: from lists.tislabs.com (portal.gw.tislabs.com [192.94.214.101]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA17876 for <ipsec-archive@lists.ietf.org>; Mon, 28 Apr 2003 18:43:33 -0400 (EDT)
Received: by lists.tislabs.com (8.9.1/8.9.1) id QAA01735 Mon, 28 Apr 2003 16:55:28 -0400 (EDT)
Mime-Version: 1.0
X-Sender: phoffvpnc@mail.vpnc.org
Message-Id: <p0521060cbad316b2792a@[63.202.92.152]>
X-Habeas-SWE-1: winter into spring
X-Habeas-SWE-2: brightly anticipated
X-Habeas-SWE-3: like Habeas SWE (tm)
X-Habeas-SWE-4: Copyright 2002 Habeas (tm)
X-Habeas-SWE-5: Sender Warranted Email (SWE) (tm). The sender of this
X-Habeas-SWE-6: email in exchange for a license for this Habeas
X-Habeas-SWE-7: warrant mark warrants that this is a Habeas Compliant
X-Habeas-SWE-8: Message (HCM) and not spam. Please report use of this
X-Habeas-SWE-9: mark in spam to <http://www.habeas.com/report>.
Date: Mon, 28 Apr 2003 11:11:58 -0700
To: ipsec@lists.tislabs.com
From: Paul Hoffman / VPNC <paul.hoffman@vpnc.org>
Subject: Crypto algorithms for IKEv2
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Sender: owner-ipsec@lists.tislabs.com
Precedence: bulk
Greetings again. At the WG meeting in San Francisco over a month ago, the WG agreed that the IKEv2 document should split out the cryptographic algorithms into a RFC that can be updated separately from the main IKEv2 protocol RFC with which we are almost finished. I have turned in an Internet Draft on this topic that matches what I believe matches the general feeling from the WG based on earlier discussion on this mailing list and the lively face-to-face discussions in San Francisco. A temporary version of the draft is at <http://www.vpnc.org/ietf-ipsec/draft-hoffman-ipsec-algorithms-00-TEMP.txt>; as usual, that link will disappear when the draft is officially in the Internet Drafts directory. This document is meant to be a companion to the *next* draft of IKEv2. In that draft, Charlie can cleanly excise from his section 3.3.2 the cryptographic tables labeled "For Transform Type 1", "For Transform Type 2", "For Transform Type 3", and "For Transform Type 4", leaving Transform Type 5, which is not cryptographic. He can also remove the MUST, SHOULD, and MAY statements in Appendix B. The result will be a free-standing document that the IETF can update when we want to change the cryptographic requirements for IKEv2. For example, there was general agreement in San Francisco that we will probably be requiring AES and longer Diffie-Hellman primes in the not-distant future, and that fact is reflected in the Internet Draft. Given that we are trying to finish up IKEv2 in the near future and not reopening agreed-to issues, I'm definitely interested to hear if anyone thinks that the document has things that the WG didn't agree to. --Paul Hoffman, Director --VPN Consortium
- Re: Crypto algorithms for IKEv2 Paul Hoffman / VPNC
- Crypto algorithms for IKEv2 Paul Hoffman / VPNC
- RE: Crypto algorithms for IKEv2 Jimmy Zhang
- RE: Crypto algorithms for IKEv2 Hallam-Baker, Phillip
- RE: Crypto algorithms for IKEv2 Paul Koning
- Re: Crypto algorithms for IKEv2 Michael Richardson
- Re: Crypto algorithms for IKEv2 Michael Richardson
- RE: Crypto algorithms for IKEv2 Paul Hoffman / VPNC
- Re: Crypto algorithms for IKEv2 Paul Koning
- Re: Crypto algorithms for IKEv2 Paul Hoffman / VPNC
- Re: Crypto algorithms for IKEv2 David Wagner
- Re: Crypto algorithms for IKEv2 David Wagner
- Re: Crypto algorithms for IKEv2 Michael Richardson
- Re: Crypto algorithms for IKEv2 Michael Richardson
- Re: Crypto algorithms for IKEv2 Andrew Krywaniuk
- Re: Crypto algorithms for IKEv2 Stephen Kent
- Re: Crypto algorithms for IKEv2 Paul Koning
- Re: Crypto algorithms for IKEv2 Stephen Kent
- RE: Crypto algorithms for IKEv2 Van Aken Dirk
- Re: Crypto algorithms for IKEv2 Charlie_Kaufman
- Re: Crypto algorithms for IKEv2 Andrew Krywaniuk
- Re: Crypto algorithms for IKEv2 Paul Hoffman / VPNC