[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Crypto algorithms for IKEv2
Offl-list, two people pointed out a serious typo. The document says:
> For IKEv2, ENCR_3DES (3) MUST be implemented and ENCR_AES_128_CBC (12)
> SHOULD be implemented. It is expected that in the not-distant future,
> ENCR_AES_128_CBC (12) will become a MUST-level requirement and that
> ENCR_AES_128_CBC (12) will become a SHOULD-level requirement.
The paragraph should read:
For IKEv2, ENCR_3DES (3) MUST be implemented and ENCR_AES_128_CBC (12)
SHOULD be implemented. It is expected that in the not-distant future,
ENCR_AES_128_CBC (12) will become a MUST-level requirement and that
ENCR_3DES (3) will become a SHOULD-level requirement.
That is, when we make AES a MUST, we will most likely demote
TripleDES to a SHOULD. This is what we discussed on the mailing list
and in San Francisco.
--Paul Hoffman, Director
--VPN Consortium