Valery Smyslov writes:
> > Why would you make multiple encoding formats for the same algorithm?
> > And if so why should we allow that in IPsec. We do not allow prehashed
> > formats of the Ed25519 and Ed448 because we do not want to have
> > multiple formats for the same thing.
>
> If tomorrow cryptographers discover some weakness in one encoding
> and start recommending using another format, then we'll have to follow.
> And it doesn't matter if we disallowed using it before.

In such a case you do create a new key, and you do disable the old format, so there is no issue with this, as you still have only one format for a key.

> > > The only reliable way for the initiator to select a proper form of
> > > signature
> > > now is pre-configuration. But it doesn't scale well and is problematic
> > > with opportunistic encryption.
> >
> > It is the same with PSKs or IP addresses / DNS names. You need to
> > pre-configure the PSK to be used and to which IP address (or DNS name)
> > to connect... IPsec normally does require some pre-configuration before
> > it can be used (with the exception of opportunistic encryption).
>
> Some pre-configuration is inevitable. But let's try to keep it minimal -
> it helps maintain algorithm agility in large scale.

Yes, but configuring the authentication credentials (PSK, or private key to be used) for each remote host is something that I do expect to be done in the future too.
-- 
[email protected]
