[Swan-dev] include -NONE- when logging AEAD proposals?

Andrew Cagney andrew.cagney at gmail.com
Tue Sep 22 19:51:19 UTC 2020


Now that the parser can accept <aead>-NONE-<prf>-<dh>, should "NONE" be
included when logging those proposals?  For instance:

OLD:
algparse -v2 'ike=aes_gcm-sha1-dh21'
AES_GCM_16-HMAC_SHA1-DH21
algparse -v2 'ike=aes_gcm_16-none-hmac_sha1-dh21'
AES_GCM_16-HMAC_SHA1-DH21

NEW:
algparse -v2 'ike=aes_gcm-sha1-dh21'
AES_GCM_16-NONE-HMAC_SHA1-DH21
algparse -v2 'ike=aes_gcm_16-none-hmac_sha1-dh21'
AES_GCM_16-NONE-HMAC_SHA1-DH21

The main reason is to avoid any confusion over how integrity is being
computed.

As a follow-up, what about non-AEAD algorithms, which get really unwieldy?
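
The OLD and NEW log forms from the post, as an added example that is not part of the original message and is not libreswan's algparse code: a simplified Python model of parsing `<aead>[-none]-<prf>-<dh>` and logging it both ways. The alias tables and the function names `parse_aead_proposal`, `log_old` and `log_new` are assumptions and cover only the algorithm names shown above.

```python
# Simplified model of AEAD proposal logging; NOT libreswan's algparse.
# Alias tables are assumptions limited to the names used in the post.
AEAD = {"aes_gcm": "AES_GCM_16", "aes_gcm_16": "AES_GCM_16"}
PRF = {"sha1": "HMAC_SHA1", "hmac_sha1": "HMAC_SHA1"}
DH = {"dh21": "DH21"}


def parse_aead_proposal(text):
    """Parse <aead>[-none]-<prf>-<dh> into (encrypt, integ, prf, dh)."""
    tokens = text.lower().split("-")
    if not tokens or tokens[0] not in AEAD:
        raise ValueError("not an AEAD proposal known to this model: %r" % text)
    if len(tokens) == 4:
        # Explicit integrity slot: this model only allows "none" for AEAD,
        # because the AEAD cipher already authenticates the payload.
        if tokens[1] != "none":
            raise ValueError("integrity %r given for AEAD cipher" % tokens[1])
        del tokens[1]
    if len(tokens) != 3:
        raise ValueError("expected <aead>[-none]-<prf>-<dh>: %r" % text)
    encrypt, prf, dh = tokens
    if prf not in PRF or dh not in DH:
        raise ValueError("unknown PRF or DH group in %r" % text)
    return AEAD[encrypt], "NONE", PRF[prf], DH[dh]


def log_old(proposal):
    """OLD form: integrity omitted, so the PRF sits where integrity would."""
    encrypt, _integ, prf, dh = proposal
    return "-".join((encrypt, prf, dh))


def log_new(proposal):
    """NEW form: integrity logged as NONE, so HMAC_SHA1 is clearly the PRF."""
    return "-".join(proposal)


if __name__ == "__main__":
    # The two inputs from the post.
    for spec in ("aes_gcm-sha1-dh21", "aes_gcm_16-none-hmac_sha1-dh21"):
        parsed = parse_aead_proposal(spec)
        print("%-32s OLD=%s NEW=%s" % (spec, log_old(parsed), log_new(parsed)))
```
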