Paul Wouters wrote:
> On Sun, 18 Mar 2007, Michael Richardson wrote:
>
>> I also don't want applications to ever hard code things like "AES128".
>> Instead, I want them to use something like "ENCRYPTION_STENGTH_MEDIUM",
>> and have some files, a la /etc/services that defines what that means for this system.
>
> Reminds me of Draytek Vigor's, which had a "medium" setting meaning modp768
> with 1DES......
> Not only do you have to agree on the order of this list, you also have to
> maintain it in the light of faster hardware over time.
Not relevant.
The choice is not between "medium" vs "3DES". Medium security *WAS* 1DES (vs RC4)
ten plus years ago. Of course, there are maintenance issues.
The choice is between replacing all the binaries on the machine that use the
BTNS IPsec API, or replacing one file that defines what the "medium" profile is.