Michael Rossberg <michael.rossb...@tu-ilmenau.de> wrote:
>>> I think that a way to negotiate this is as if it was a unique cipher.
>>
>> BTW: I recognize that this might require a new value for each cipher.
>>
>> As such, it's not a great long term solution, but I would claim that it
>> probably applies to a few ciphers very specifically at first.
>>
>> Once the new layout is so popular, then we could pursue some other way to do
>> this. Probably that means the same Notify() mechanism we use for TRANSPORT_MODE/etc.
>> I'm not especially fond of this architecturally, but it certainly works.

> I guess this would be an option for our particular
> problem. Nevertheless, I agree the inflationary use of IDs is a
> problem. Also, I see the possibility of confusion of the readers,
> i.e. having three AES-GCM modes.

I don't think that the reader will be confused.

> This would also reduce the number of interop tests, as we would have
> one cipher that works a little differently.

Yes, and likely implemented in a non-modular streamlined (or data pipelined) way
in hardware. Hardware is not going to have more than two ciphers. If as many
as two.

Again, I suggest you write an Informational document, ask for a code point,
and submit through ISE.

--
Michael Richardson <mcr+i...@sandelman.ca>   . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide