[anonsec] should IPsec policies be partially ordered?
Paul Wouters
paul at xelerance.com
Sun Mar 18 10:45:42 PDT 2007
On Sun, 18 Mar 2007, Michael Richardson wrote:
> I also don't want applications to ever hard code things like "AES128".
> Instead, I want them to use something like "ENCRYPTION_STRENGTH_MEDIUM",
> and have some files, a la /etc/services that defines what that means for this system.
Reminds me of Draytek Vigor's, which had a "medium" setting meaning modp768
with 1DES......
Not only do you have to agree on the order of this list, you also have to
maintain it in the light of faster hardware over time.
Paul