[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IKEV2: Issue #2: Cipher suites

To: ipsec@lists.tislabs.com
Subject: Re: IKEV2: Issue #2: Cipher suites
From: Paul Hoffman / VPNC <paul.hoffman@vpnc.org>
Date: Mon, 10 Feb 2003 11:13:50 -0800
In-Reply-To: <5.2.0.9.2.20030209115530.03539398@mail.binhost.com>
References: <5.2.0.9.2.20030209115530.03539398@mail.binhost.com>
Sender: owner-ipsec@lists.tislabs.com

Splitting out the list of ciphersuites and the list of which ones are 
MUSTs and SHOULDs would also bring us into line more with the IETF. 
The lists of MUSTs that the WG chairs have proposed do not follow the 
rules of RFC 2119, which is a normative reference in IKEv2. All the 
other MUSTs and SHOULDs in IKEv2 do follow the rules in RFC 2119, but 
these do not. It would be nice to have the main IKEv2 document 
actually conform to the IETF rules.

Another reason to split out the algorithms is that this WG has done a 
lousy job of keeping its list for IKEv1 up-to-date. DES (not 
TripleDES) is still a MUST. TIGER is still a SHOULD. If we can't even 
fix obvious problems like that in a timely fashion for IKEv1, we 
should not expect to do so for IKEv2.

--Paul Hoffman, Director
--VPN Consortium

References:
- Re: IKEV2: Issue #2: Cipher suites
  - From: Russ Housley <housley@vigilsec.com>

Prev by Date: Re: IKEV2: Issue #1: Legacy Authentication
Next by Date: Re: Ciphersuites for IKEv2, revised
Prev by thread: Re: IKEV2: Issue #2: Cipher suites
Next by thread: Re: IKEV2: Issue #2: Cipher suites
Index(es):
- Date
- Thread