[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IKEV2: Issue #2: Cipher suites
Splitting out the list of ciphersuites and the list of which ones are
MUSTs and SHOULDs would also bring us into line more with the IETF.
The lists of MUSTs that the WG chairs have proposed do not follow the
rules of RFC 2119, which is a normative reference in IKEv2. All the
other MUSTs and SHOULDs in IKEv2 do follow the rules in RFC 2119, but
these do not. It would be nice to have the main IKEv2 document
actually conform to the IETF rules.
Another reason to split out the algorithms is that this WG has done a
lousy job of keeping its list for IKEv1 up-to-date. DES (not
TripleDES) is still a MUST. TIGER is still a SHOULD. If we can't even
fix obvious problems like that in a timely fashion for IKEv1, we
should not expect to do so for IKEv2.
--Paul Hoffman, Director
--VPN Consortium