Re: draft-ietf-ipsec-ikev2-algorithms-00.txt
At 11:33 AM -0400 5/23/03, Russ Housley wrote:
>I am glad to see that this draft was finally posted, but it does not
>reflect my recollection of the working group consensus prior to the
>San Francisco IETF meeting.
>
>I am very pleased to see SHOULD+, SHOULD-, and MUST-. These provide
>important guidance to product planners.
>
>In section 4.1.1 on IKEv2 Encrypted Payload Algorithms, I expected:
>
> MUST Three-key Triple-DES in CBC mode
> SHOULD+ 128-bit AES in CBC mode
>
>In section 4.1.2, I expected no mention of elliptic curves. The
>working group abandoned work in this area many months ago. Also, I
>expected:
>
> MUST 1024
> SHOULD 1536
> SHOULD+ 2048
>
>In section 4.1.3 on IKEv2 Transfer Type 1 Algorithms, I expected
>two of the entries to have different requirements:
>
> MUST ENCR_3DES (assuming that this is 3-key 3DES in CBC mode)
> SHOULD+ ENCR_AES_128_CBC
>
>In section 4.1.4 on IKEv2 Transfer Type 2 Algorithms, I expected two
>of the entries to have different requirements:
>
> MAY PRF_HMAC_MD5
> SHOULD PRF_AES128_CBC
>
>I also thought that we were going to define a shorthand way to
>configure different devices to use the same selections from the a la
>carte menu. At a minimum, we should come up with a name for the
>collection of MUST algorithms.
>
>Do others have different recollections and expectations?
>
>Russ
Russ,
Your comments above match my recollection of what was agreed upon and
documented in earlier drafts by Paul.
Steve