[anonsec] should IPsec policies be partially ordered?

Nicolas Williams Nicolas.Williams at sun.com
Sun Mar 18 14:07:43 PDT 2007


On Sun, Mar 18, 2007 at 06:45:42PM +0100, Paul Wouters wrote:
> On Sun, 18 Mar 2007, Michael Richardson wrote:
> 
> > I also don't want applications to ever hard code things like "AES128".
> > Instead, I want them to use something like "ENCRYPTION_STRENGTH_MEDIUM",
> > and have some files, a la /etc/services that defines what that means for this system.
> 
> Reminds me of Draytek Vigor's, which had a "medium" setting meaning modp768
> with 1DES......
> 
> Not only do you have to agree on the order of this list, you also have to
> maintain it in the light of faster hardware over time.

And cryptanalytic advances.

