RE: Last ditch proposal for crypto suites

["Andrew Krywaniuk" <andrew.krywaniuk@alcatel.com>]

It was my experience with IKEv1 that the crypto algorithm negotiation was
accomplished by many people with very few errors. This, despite the fact
that the naming and organization of the payloads is rather confusing. (Why
is an SA a list of proposals rather than a proposal being a list of SAs or
[better] a proposal-list being a list of bundles? Why is there two levels of
indirection with the proposal+transform when there could have been only
one?)

I should also point out that 4 of the 9 pages are taken up with DOI-style
lists, such as the following:

  For Transform Type 1 (Encryption Algorithm), defined Transform-IDs
   are:

          Name                     Number           Defined In
          RESERVED                    0
          ENCR_DES_IV64               1              (RFC1827)
          ENCR_DES                    2              (RFC2405)
          ENCR_3DES                   3              (RFC2451)
          ENCR_RC5                    4              (RFC2451)
          ENCR_IDEA                   5              (RFC2451)
          ENCR_CAST                   6              (RFC2451)
          ENCR_BLOWFISH               7              (RFC2451)
          ENCR_3IDEA                  8              (RFC2451)
          ENCR_DES_IV32               9
          ENCR_RC4                   10
          ENCR_NULL                  11              (RFC2410)
          ENCR_AES_128               12

          values 12-240 are reserved to IANA. Values 241-255 are for
          private use among mutually consenting parties.

Does that give you a headache?

Andrew
-------------------------------------------
There are no rules, only regulations. Luckily,
history has shown that with time, hard work,
and lots of love, anyone can be a technocrat.