<div dir="ltr"><div dir="ltr"><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, 22 Sep 2020 at 21:36, Paul Wouters &lt;<a href="mailto:paul@nohats.ca">paul@nohats.ca</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On Tue, 22 Sep 2020, Andrew Cagney wrote:<br>
<br>
> Now that the parser can accept &lt;aead&gt;-NONE-&lt;prf&gt;-&lt;dh&gt;, should "NONE" be included when logging those proposals? For instance:<br>
> <br>
> OLD:<br>
> algparse -v2 'ike=aes_gcm-sha1-dh21'<br>
> AES_GCM_16-HMAC_SHA1-DH21<br>
> algparse -v2 'ike=aes_gcm_16-none-hmac_sha1-dh21'<br>
> AES_GCM_16-HMAC_SHA1-DH21<br>
> <br>
> NEW:<br>
> algparse -v2 'ike=aes_gcm-sha1-dh21'<br>
> AES_GCM_16-NONE-HMAC_SHA1-DH21<br>
> algparse -v2 'ike=aes_gcm_16-none-hmac_sha1-dh21'<br>
> AES_GCM_16-NONE-HMAC_SHA1-DH21<br>
> <br>
> The main reason is to avoid any confusion over how integrity is being computed.<br>
<br>
I think that would be good, yes.<br>
<br>
> As a follow-up, what about non-AEAD algorithms, which get really unwieldy?<br>
<br>
I'm not sure what you mean?<br></blockquote><div><br></div>algparse -v2 'ike=aes-sha2-dh31'<br> AES_CBC-HMAC_SHA2_256-DH31<br><div><br></div><div>vs the canonical:</div><div><br></div>algparse -v2 'ike=aes-sha2-dh31'<br>        AES_CBC-HMAC_SHA2_256_128-HMAC_SHA2_256-DH31<br><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
Paul<br>
</blockquote></div></div>