
Parameter table, Connection descriptor name, Crypto – Nortel Networks 608(WL) User Manual

Chapter 3

Configuration via Local Pages

E-DOC-CTC-20051017-0169 v0.1

Parameter table

The following table summarizes the parameters comprised in the connection
security descriptor:

| Parameter | Description |
|---|---|
| Descriptor name | Symbolic name to identify the Descriptor. |
| Crypto | Cryptographic function to be used for the IPSec Security Association. |
| Integrity | Hashing function used for message authentication. |
| Encapsulation | Selects the ESP encapsulation mode. |
| PFS | Selects the use of Perfect Forward Secrecy. |
| Lifetime-secs | The lifetime of the IPSec Security Association. At expiration of this period re-keying occurs. |
| Lifetime-kbytes | The maximum data volume transported before re-keying occurs. |

Connection Descriptor name

Internal symbolic name to identify the Connection Descriptor.

Crypto

The table below shows the cryptographic functions supported by the SpeedTouch™
along with their corresponding key size:

| Algorithm | Valid key lengths (bits) |
|---|---|
| DES | 56 |
| 3DES | 168 |
| AES | 128, 192, 256 |
| NULL | - |

DES is relatively slow and is the weakest of the algorithms, but it is the
industry standard.

3DES is a stronger version of DES, but is the slowest of the supported
algorithms (for a comparable key length).

AES is the new encryption standard selected by the American government to
replace DES/3DES. It is recommended to use AES since it is the most
advanced of the supported encryption methods.

NULL encryption: The message is not encrypted. Selecting NULL encryption
achieves authentication without encryption, being equivalent to the use of the
Authentication Header (AH) that is no longer supported from Release R5.3.0
onwards. In addition, NULL encryption may be useful for testing purposes since the
messages on the communication link can be interpreted. Message
authentication remains active.
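An added example (not from the manual or the vendor): a Python check that audits a descriptor against the key-length table and algorithm notes on this page, and reports which of the two lifetime limits forces re-keying first at a given traffic rate. The dict layout, field names and finding codes are assumptions of the example; the volume check for 64-bit block ciphers goes beyond the page and assumes 1 kbyte = 1024 bytes.

```python
# Added example. The dict layout, field names and finding codes are assumptions
# of this example, not the device's configuration syntax.

# Valid key lengths (bits) per algorithm, as listed in the table on this page.
VALID_KEY_BITS = {"DES": {56}, "3DES": {168}, "AES": {128, 192, 256}, "NULL": set()}
# DES/3DES use 64-bit blocks: block collisions become likely near 2**32 blocks
# (2**35 bytes) under one key. Assumes 1 kbyte = 1024 bytes.
BIRTHDAY_BOUND_KBYTES = (2**32 * 8) // 1024


def audit_descriptor(desc):
    """Return a sorted list of finding codes for one descriptor."""
    crypto = desc["crypto"].upper()
    if crypto not in VALID_KEY_BITS:
        return ["UNSUPPORTED_CRYPTO"]
    findings = set()
    if crypto == "NULL":
        findings.add("NO_ENCRYPTION")        # authenticated, but readable on the link
    elif desc.get("key_bits") not in VALID_KEY_BITS[crypto]:
        findings.add("BAD_KEY_LENGTH")
    if crypto == "DES":
        findings.add("WEAK_CIPHER")          # weakest of the supported algorithms
    if crypto in ("DES", "3DES") and desc["lifetime_kbytes"] >= BIRTHDAY_BOUND_KBYTES:
        findings.add("REKEY_VOLUME_TOO_HIGH")
    if not desc.get("pfs", False):
        findings.add("NO_PFS")
    return sorted(findings)


def first_rekey_trigger(desc, kbytes_per_sec):
    """Return (limit_name, seconds) for the lifetime limit hit first at a steady rate."""
    secs_to_volume = desc["lifetime_kbytes"] / kbytes_per_sec
    if secs_to_volume < desc["lifetime_secs"]:
        return ("lifetime-kbytes", secs_to_volume)
    return ("lifetime-secs", float(desc["lifetime_secs"]))


# Constructed sample descriptors (not taken from the manual).
LEGACY = {"crypto": "3DES", "key_bits": 168, "pfs": False,
          "lifetime_secs": 86400, "lifetime_kbytes": 40_000_000}
HARDENED = {"crypto": "AES", "key_bits": 256, "pfs": True,
            "lifetime_secs": 3600, "lifetime_kbytes": 1_000_000}

if __name__ == "__main__":
    for name, d in (("LEGACY", LEGACY), ("HARDENED", HARDENED)):
        print(name, audit_descriptor(d), first_rekey_trigger(d, 500))
```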
