
Re: draft-ietf-ipsec-ikev2-algorithms-00.txt



At 11:33 AM -0400 5/23/03, Russ Housley wrote:
>I am glad to see that this draft was finally posted, but it does not 
>reflect my recollection of the working group consensus prior to the 
>San Francisco IETF meeting.
>
>I am very pleased to see SHOULD+, SHOULD-, and MUST-.  These provide 
>important guidance to product planners.
>
>In section 4.1.1 on IKEv2 Encrypted Payload Algorithms, I expected:
>
>	MUST		Three-key Triple-DES in CBC mode
>	SHOULD+	128-bit AES in CBC mode
>
>In section 4.1.2, I expected no mention of elliptic curves.  The 
>working group abandoned work in this area many months ago.  Also, I 
>expected:
>
>	MUST		1024
>	SHOULD	1536
>	SHOULD+	2048
>
>In section 4.1.3 on IKEv2 Transfer Type 1 Algorithms, I expected 
>two of the entries to have different requirements:
>
>	MUST		ENCR_3DES (assuming that this is 3-key 3DES in CBC mode)
>	SHOULD+	ENCR_AES_128_CBC
>
>In section 4.1.4 on IKEv2 Transfer Type 2 Algorithms, I expected two 
>of the entries to have different requirements:
>
>	MAY		PRF_HMAC_MD5
>	SHOULD	PRF_AES128_CBC
>
>I also thought that we were going to define a shorthand way to 
>configure different devices to use the same selections from the a la 
>carte menu.  At a minimum, we should come up with a name for the 
>collection of MUST algorithms.
>
>Do others have different recollections and expectations?
>
>Russ

Russ,

Your comments above match my recollection of what was agreed upon and 
documented in earlier drafts by Paul.

Steve