On Mon, Nov 19, 2007 at 12:26:16PM +0100, Mitja Mu?eni? wrote:
> As far as I can tell, currently in ipsec.conf there is no way to use AES
> with KEY_LENGHT=256. Is anybody working on adding this? Otherwise I might
> try it when the time permits.
>
> I'm thinking that isakmpd should first learn about a new default transform,
> let's say AES256 - then adding that into ipsecctl/ipsec.conf should be
> pretty much trivial.
this sounds like a reasonable approach to me.
>
> The other route is not to add this new default transform to isakmpd, but to
> have ipsecctl generate a config with a non-default transform - this does not
> touch isakmpd at all, but is less than trivial in ipsecctl.
>
> Thoughts, anyone?
>
> Mitja