Hi Emeric, > What about the authenticated encryption algorithms (e.g. gcm)? > Is the integrity algorithm mandatory for parsing but not used?
If you have both traditional ciphers and AEAD ciphers in a proposal, you'll obviously need a integrity algorithm as well. If the AEAD gets selected, the integrity algorithm is ignored. Note that according to RFC 5996 you should avoid such mixed proposals, and have separated proposals for AEAD and non-AEAD ciphers. For AEAD-only proposals, an integrity algorithm is not used. However, you may still specify one to at the same time implicitly define a PRF in an IKE proposal. The integrity algorithm is stripped implicitly from AEAD-only proposals. > In IKEv2, is there a functional difference between multiple proposals > (esp=enc1-auth1-..., enc1-auth2-..., enc2-auth1-..., enc2-auth2-...) > and multiple algorithms (esp=enc1-enc2-auth1-auth2-...)? Yes. With multiple algorithms, the peer may select any algorithm from each type and mix-and-match them as it likes. With multiple proposals, the peer has to select a single proposal, i.e. you can limit the combinations allowed. Regards Martin _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
