
Re: Last ditch proposal for crypto suites








> Specifically, what if the initiator proposes an "a la carte" of
> 3DES/MD5/LZS, which happens to be suite #5, and the responder has not
> implemented a la carte negotiation.
>
The negotiation fails.

>   Do we mandate that the responder must understand this? I don't think
> so.
>
I agree.

>   Or do we mandate that the initiator may not do that? That's complicated
> code for the initiator, but at least it is their choice to implement
> the a-la-carte stuff.
We mandate must implement suites, where must implement includes must
include in proposals. If an initiator proposes no suites that the
suite-only partner understands, the negotiation fails. It would be
complicated for an initiator to take his a la carte list and automatically
figure out what suites are included in there so they can be proposed
separately. But that calculation is neither necessary nor (imho) useful.
Configuration should enable suites explicitly and separately from a la
carte stuff.


          --Charlie

Opinions expressed may not even be mine by the time you read them, and
certainly don't reflect those of any other entity (legal or otherwise).
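
A small model of the rule discussed in this message, added here as an example; it is not part of the original post and not code from any implementation. The `Proposal` structure, the function names and suite number 1 are assumptions made for illustration; only suite #5 = 3DES/MD5/LZS comes from the thread.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed suite table. Only suite 5 is taken from the message above;
# suite 1 is a hypothetical placeholder.
SUITES = {
    5: ("3DES", "MD5", "LZS"),
    1: ("EXAMPLE-CIPHER", "EXAMPLE-HASH", None),
}

@dataclass(frozen=True)
class Proposal:
    suite: Optional[int] = None          # set when the proposal names a suite
    a_la_carte: Optional[Tuple] = None   # (cipher, hash, compression) otherwise

def build_proposals(enabled_suites, enabled_a_la_carte):
    """Initiator side: suites and a la carte combinations are enabled
    separately in configuration. No attempt is made to work out which
    suites happen to be covered by the a la carte list."""
    proposals = [Proposal(suite=s) for s in enabled_suites]
    proposals += [Proposal(a_la_carte=t) for t in enabled_a_la_carte]
    return proposals

def suite_only_responder(proposals, supported_suites):
    """Responder that has not implemented a la carte negotiation: it
    considers suite proposals only. Returns the chosen suite number,
    or None when the negotiation fails."""
    for p in proposals:
        if p.suite is not None and p.suite in supported_suites:
            return p.suite
    return None

if __name__ == "__main__":
    same_as_suite_5 = SUITES[5]
    # A la carte only: fails, even though the combination equals suite 5.
    print(suite_only_responder(build_proposals([], [same_as_suite_5]), {5}))
    # Suite 5 enabled explicitly alongside the a la carte entry: succeeds.
    print(suite_only_responder(build_proposals([5], [same_as_suite_5]), {5}))
```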