Re: Crypto algorithms for IKEv2



Off-list, two people pointed out a serious typo. The document says:

>  For IKEv2, ENCR_3DES (3) MUST be implemented and ENCR_AES_128_CBC (12)
>  SHOULD be implemented. It is expected that in the not-distant future,
>  ENCR_AES_128_CBC (12) will become a MUST-level requirement and that
>  ENCR_AES_128_CBC (12) will become a SHOULD-level requirement.

The paragraph should read:
  For IKEv2, ENCR_3DES (3) MUST be implemented and ENCR_AES_128_CBC (12)
  SHOULD be implemented. It is expected that in the not-distant future,
  ENCR_AES_128_CBC (12) will become a MUST-level requirement and that
  ENCR_3DES (3) will become a SHOULD-level requirement.

That is, when we make AES a MUST, we will most likely demote 
TripleDES to a SHOULD. This is what we discussed on the mailing list 
and in San Francisco.

--Paul Hoffman, Director
--VPN Consortium