Re: "Transforms" per se going away?

Stephen Kent <kent@bbn.com> Fri, 14 February 1997 15:53 UTC

Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id KAA14987 for ipsec-outgoing; Fri, 14 Feb 1997 10:53:27 -0500 (EST)
X-Sender: kent@po1.bbn.com
Message-Id: <v03007800af29100a43d7@[128.33.229.242]>
In-Reply-To: <199702130007.QAA28204@kebe.eng.sun.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Thu, 13 Feb 1997 13:45:49 -0500
To: Dan.McDonald@Eng.sun.com
From: Stephen Kent <kent@bbn.com>
Subject: Re: "Transforms" per se going away?
Cc: ipsec@tis.com
Sender: owner-ipsec@ex.tis.com
Precedence: bulk

Dan,

	I don't think my intent has been to move to exactly the "list"
approach you describe in your message.  For example, not all combinations
of encryption algorithms, modes, and IV options make sense.   I was
assuming that we would have a regsitered set (with the IANA) of
combinations of encryption, authentication, and anti-replay options, each
set of which defines a "transform" (using the curent terminology).  This
makes clear to implementors what combinations must be supported and allows
for elimination of combinations that the community (WG?) thinks are
inappropriate, i.e., don't allocate a transform ID for a combination that
is considered "bad."  The real goals of the new AH and ESP specs are to
eliminate the need to issue a combinatorial number of transform RFCs, to
centralize common definitions, etc.  One can still have a fairly modular
implementation as you describe, but by grouping the attributes of
transforms, one also can accommodate less modular implementations as well.

Steve

"Transforms" per se going away? Dan McDonald
Re: "Transforms" per se going away? Daniel Harkins
RE: "Transforms" per se going away? Roy Pereira
Re: "Transforms" per se going away? Stephen Kent