Valery Smyslov writes: > > If I remember right on discussion about the different elliptic curve > > algorithms, the situation was same there, i.e., even if you could use > > the same key for different algorithms, it is considered bad idea... > > We are not talking about different algorithms. Consider the situation > when the same signature can we represented in a different ways > (e.g. different ASN.1 encodings). > In this case we'll run into the problem if one of the peers supports > only one way.
Why would you make multiple encodings formats for the same algorithm? And if so why should we allow that in IPsec. We do not allow prehashed formats of the Ed25519 and Ed448 because we do not want to have multiple formats for the same thing. > The only reliable way for the initiator to select a proper form of signature > now is pre-configuration. But it doesn't scale well and is problematic > with opportunistic encryption. It is same with PSKs or IP addresses / DNS names. You need to pre-configure the PSK to be used and to which IP address (or DNS name) to connect... IPsec normally do require some pre-configuration before it can be used (with exception to the opportunistic encryption). -- kivi...@iki.fi _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
