Re: [IPsec] RFC4869 bis submitted

2009-11-13 Thread Scott C Moonen
> Having said that, it is perfectly natural for the submitters to require a particular type of authentication in a suite. For this one, it is clear that they want to use EC throughout the suite for asymmetric operations. For a different one, the organization specifying the suite might allow

Re: [IPsec] WESP - Roadmap Ahead

2009-11-13 Thread Steven Bellovin
On Nov 13, 2009, at 12:16 AM, Stephen Kent wrote:
> My message pointed out that there was no mention of options. Your reply picked a couple of option examples and argued that they were either not used or did not pose a security problem.
>
> The right way to generate a good answer is to con

Re: [IPsec] RFC4869 bis submitted

2009-11-13 Thread Scott C Moonen
Also, it occurs to me that the purpose of a suite isn't to enforce this kind of policy decision, just to give them names for interoperability purposes. E.g., the existence of SuiteB-XYZ doesn't prevent you from negotiating DES under the table somewhere; it just prevents you from negotiating DES

Re: [IPsec] RFC4869 bis submitted

2009-11-13 Thread Yoav Nir
I strongly disagree with this. UI suites are not "profiles". To quote from RFC 4308: This document specifies optional suites of algorithms and attributes that can be used to simplify the administration of IPsec when used in manual keying mode, with IKEv1 or with IKEv2. Since we want