[anonsec] should IPsec policies be partially ordered?
Rafael Coninck Teigão
rcteigao at gmail.com
Mon Mar 19 03:04:19 PDT 2007
> > Not only do you have to agree on the order of this list, you also have to
> > maintain it in the light of faster hardware ove rtime.
> And cryptanalytic advances.
Maintaining the list in accordance to the cryptanalytic advances is a
work that you would already perform. Despite actually having it stored
on a file or not, someone would still need to review the policy in the
light of new advances.
I think having a file to configure BASIC, MEDIUM and HIGH strength
encryption would not only improve code/policy readability, but also
allow algorithm comparison, since we would already have a partial
ordering defined (and better yet, it would be defined at the
discretion of the administrator).
More information about the ANONSEC