Opened 5 years ago

Last modified 5 years ago

#224 new defect

Cryptographic Agility

Reported by: ynir.ietf@… Owned by: draft-ietf-ipsecme-ddos-protection@…
Priority: normal Milestone:
Component: ddos-protection Severity: -
Keywords: Cc:

Description

Raised by Valery Smyslov

Perhaps we should add crypto agility - allow hash functions other than SHA-256. It even doesn't need to be negotiated - the Responder can choose from among the hash functions used for integrity protection in the SA payload of the Initiator.

What if all of those are AEADs? Then maybe we fall back on SHA-256?

Change History (1)

comment:1 Changed 5 years ago by ynir.ietf@…

  • Component changed from draft-ietf-ipsecme-ikev2bis to ddos-protection
  • Owner changed from paul.hoffman@… to draft-ietf-ipsecme-ddos-protection@…
Note: See TracTickets for help on using tickets.