Subject: Re: switching to ipsec-tool's racoon
To: Steven M. Bellovin <smb@research.att.com>
From: Emmanuel Dreyfus <manu@netbsd.org>
List: tech-net
Date: 12/17/2004 15:11:15
Steven M. Bellovin <smb@research.att.com> wrote:

> >I'm looking at AES. While I was here, I tried all the documented
> >ciphers. For phase 2, the following cause failures, both in KAME racoon
> >and ipsec-tools racoon:
> >encryption: IDEA, 3IDEA, RC5, RC4, TWOFISH
> >authentication: DES, 3DES, DES_IV32, DES_IV64
> >
> >Should the documentation be updated and those ciphers removed?
>
> IDEA, 3IDEA, and RC5 are covered by patents, at least in the US.  RC4
> is hard to do in IPsec, because it's a stream cipher and would have 
> trouble with out-of-order blocks unless it takes a time or space 
> performance hit.  
> 
> In other words, I won't miss them at all....

Well, they might work in ipsec-tools if racoon is built with support for
them. You won't lose them as they are already not available.

-- 
Emmanuel Dreyfus
There are 10 kinds of people in the world: those who understand
binary and those who don't.
manu@netbsd.org
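
The out-of-order problem with a stream cipher mentioned in the quoted reply, as an added example that is not part of the original message or of racoon/ipsec-tools code. The function names, the sample key and packets, and the idea of tagging each packet with its keystream offset are assumptions made for illustration, not an IPsec wire format.

```python
# Added illustration: RC4 is used only to show why packet reordering breaks a running stream cipher.
class RC4:
    """Textbook RC4 keeping running state, so output depends on stream position."""
    def __init__(self, key: bytes):
        s = list(range(256))
        j = 0
        for i in range(256):                       # key scheduling (KSA)
            j = (j + s[i] + key[i % len(key)]) % 256
            s[i], s[j] = s[j], s[i]
        self.s, self.i, self.j = s, 0, 0

    def keystream(self, n: int) -> bytes:
        s, out = self.s, bytearray()
        for _ in range(n):                         # output generation (PRGA)
            self.i = (self.i + 1) % 256
            self.j = (self.j + s[self.i]) % 256
            s[self.i], s[self.j] = s[self.j], s[self.i]
            out.append(s[(s[self.i] + s[self.j]) % 256])
        return bytes(out)

    def crypt(self, data: bytes) -> bytes:
        return bytes(a ^ b for a, b in zip(data, self.keystream(len(data))))

def send(key, packets):
    """Encrypt packets with one continuous keystream; tag each with its offset."""
    c, off, wire = RC4(key), 0, []
    for p in packets:
        wire.append((off, c.crypt(p)))
        off += len(p)
    return wire

def recv_running(key, wire):
    """Naive receiver: one running state, decrypts in arrival order."""
    c = RC4(key)
    return [c.crypt(ct) for _, ct in wire]

def recv_seek(key, wire):
    """Receiver that regenerates the keystream up to each packet's offset (time cost)."""
    out = []
    for off, ct in wire:
        c = RC4(key)
        c.keystream(off)                           # discard bytes before this packet
        out.append(c.crypt(ct))
    return out

KEY = b"constructed-demo-key"                      # constructed sample values
PACKETS = [b"packet-one", b"packet-two!", b"packet-three"]
```

`recv_running` recovers the plaintext only when packets arrive in sending order; `recv_seek` tolerates reordering but pays to regenerate the keystream from the start for every packet, which is the time side of the trade-off (caching keystream would be the space side).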