[Swan-dev] include -NONE- when logging AEAD proposals?
Paul Wouters
paul at nohats.ca
Wed Sep 23 01:36:28 UTC 2020
On Tue, 22 Sep 2020, Andrew Cagney wrote:
> Now that the parser can accept <aead>-NONE- <prf>-<dh>, should "NONE" be included when logging those proposals? For instance:
>
> OLD:
> algparse -v2 'ike=aes_gcm-sha1-dh21'
> AES_GCM_16-HMAC_SHA1-DH21
> algparse -v2 'ike=aes_gcm_16-none-hmac_sha1-dh21'
> AES_GCM_16-HMAC_SHA1-DH21
>
> NEW:
> algparse -v2 'ike=aes_gcm-sha1-dh21'
> AES_GCM_16-NONE-HMAC_SHA1-DH21
> algparse -v2 'ike=aes_gcm_16-none-hmac_sha1-dh21'
> AES_GCM_16-NONE-HMAC_SHA1-DH21
>
> the main reason is to avoid any confusion over how integrity is being computed.
I think that would be good, yes.
> As a follow-up, what about non-AEAD algorithms; which get really unwieldy.
I'm not sure what you mean?
Paul
More information about the Swan-dev
mailing list