Michael Rossberg <[email protected]> wrote: >>> I think that a way to negotiate this is as if it was unique cipher. >> >> BTW: I recognize that this might require a new value for each cipher. >> >> As such, it's not a great long term solution, but I would claim that it >> probably applies to a few ciphers very specifically at first. >> >> Once the new layout is so popular, then we could persue some other way to do >> this. Probably that means the same Notify() mechanism we use for TRANSPORT_MODE/etc. >> I'm not especially fond of this architecturally, but it certainly works.
> I guess this would be an option for our particular
> problem. Nevertheless, I agree the inflationary use of IDs is a
> problem. Also, I see the possibility of confusion of the readers,
> ie. having three AES-GCM modes.
I don't think that the reader will be confused.
> This would also reduce the number of interop tests, as we would have
> one cipher that works a little different.
Yes, and likely implemented in a non-modular streamlined (or data pipelined)
way in hardware. Hardware is not going to have more than two ciphers.
If as many as two.
Again, I suggest you write an Informational document, as for a code point,
and submit through ISE.
--
Michael Richardson <[email protected]> . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
_______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
