draft-ietf-ipsec-ikev2-algorithms-00.txt
I am glad to see that this draft was finally posted, but it does not
reflect my recollection of the working group consensus prior to the San
Francisco IETF meeting.
I am very pleased to see SHOULD+, SHOULD-, and MUST-. These provide
important guidance to product planners.
In section 4.1.1 on IKEv2 Encrypted Payload Algorithms, I expected:
MUST Three-key Triple-DES in CBC mode
SHOULD+ 128-bit AES in CBC mode
In section 4.1.2, I expected no mention of elliptic curves. The working
group abandoned work in this area many months ago. Also, I expected:
MUST 1024
SHOULD 1536
SHOULD+ 2048
In section 4.1.3 on IKEv2 Transfer Type 1 Algorithms, I expected two of
the entries to have different requirements:
MUST ENCR_3DES (assuming that this is 3-key 3DES in CBC mode)
SHOULD+ ENCR_AES_128_CBC
In section 4.1.4 on IKEv2 Transfer Type 2 Algorithms, I expected two of the
entries to have different requirements:
MAY PRF_HMAC_MD5
SHOULD PRF_AES128_CBC
I also thought that we were going to define a shorthand way to configure
different devices to use the same selections from the a la carte menu. At
a minimum, we should come up with a name for the collection of MUST algorithms.
Do others have different recollections and expectations?
Russ