> Why would you make multiple encodings formats for the same algorithm? > And if so why should we allow that in IPsec. We do not allow prehashed > formats of the Ed25519 and Ed448 because we do not want to have > multiple formats for the same thing.
If tomorrow cryptographers discover some weakness in one encoding and start recommend using another format, then we'll have to follow. And it doesn't matter if we disallowed using it before. > > The only reliable way for the initiator to select a proper form of signature > > now is pre-configuration. But it doesn't scale well and is problematic > > with opportunistic encryption. > > It is same with PSKs or IP addresses / DNS names. You need to > pre-configure the PSK to be used and to which IP address (or DNS name) > to connect... IPsec normally do require some pre-configuration before > it can be used (with exception to the opportunistic encryption). Some pre-configuration is inevitable. But let's try to keep it minimal - it helps maintain algorithm agility in large scale. _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
