Now that the parser can accept <aead>-NONE-<prf>-<dh>, should "NONE" be included when logging those proposals? For instance:

OLD:

    algparse -v2 'ike=aes_gcm-sha1-dh21'
        AES_GCM_16-HMAC_SHA1-DH21
    algparse -v2 'ike=aes_gcm_16-none-hmac_sha1-dh21'
        AES_GCM_16-HMAC_SHA1-DH21

NEW:

    algparse -v2 'ike=aes_gcm-sha1-dh21'
        AES_GCM_16-NONE-HMAC_SHA1-DH21
    algparse -v2 'ike=aes_gcm_16-none-hmac_sha1-dh21'
        AES_GCM_16-NONE-HMAC_SHA1-DH21

The main reason is to avoid any confusion over how integrity is being computed.

As a follow-up, what about non-AEAD algorithms, which get really unwieldy?
