Hi!

On 11.03.2013 at 02:04, Jason Hall <[email protected]> wrote:

> I recently started using (open)IKEd, and am quite happy with it. Very
> easy to configure/use, well documented, and supports many protocols.
> Following USA's NSA Suite B security recommendations for which
> protocols to use (because if it's good enough for them ...), they
> recommend using ECDSA keys for authentication, but IKEd currently only
> supports RSA keys.
>
> Are there plans to support ECDSA keys? All other recommended
> protocols (AES GCM, ECDH) are currently supported.
>

Yes, absolutely!

> When attempting to start IKEd (iked -dvv) with ECDSA keys, the error message
> is:
> ca_key_serialize: unsupported key type 408
> fatal: ca: failed to serialize private key
>

This part is not implemented but it will be trivial to do.

> For more information on Suite B Authentication Methods, check out RFC
> 6380 (https://tools.ietf.org/html/rfc6380) section 4.3, and Suite B in
> general RFC 6379 (http://tools.ietf.org/html/rfc6379).
>

Thanks!
Reyk
