RE: Remove SHOULD for elliptic curve groups in IKEv2

["Andrew Krywaniuk" <andrew.krywaniuk@alcatel.com>]

I don't know if should == near requirement as far as crypto algorithms are
concerned. After all, Tiger was a should for how many years? Plus, people
tend to ignore crypto requirements and implement what they feel like (e.g.
wrt DES, Group 1, DSA, El Gamal). The fact is, everybody here plans to
support ECDH or at least would like to. I see no problem in being forward
looking and making it a should.

Andrew
-------------------------------------------
There are no rules, only regulations. Luckily,
history has shown that with time, hard work,
and lots of love, anyone can be a technocrat.



> -----Original Message-----
> From: owner-ipsec@lists.tislabs.com
> [mailto:owner-ipsec@lists.tislabs.com]On Behalf Of Paul Hoffman / VPNC
> Sent: Monday, March 11, 2002 11:09 PM
> To: ipsec@lists.tislabs.com
> Subject: Remove SHOULD for elliptic curve groups in IKEv2
>
>
> Elliptic curve groups have barely been tested for interoperability.
> The SHOULDs in section 8.3 and 8.4 should be reduced to MAYs. As
> wonderful as EC cryptography is supposed to be, it is overkill to
> make it a near-requirement when probably fewer than 10% of
> implementations today use it.
>
> --Paul Hoffman, Director
> --VPN Consortium
>