Re: draft-ietf-ipsec-ikev2-algorithms-00.txt
I just submitted a new version to the I-D Directory that I believe
addresses these comments.
-Jeff
Russ Housley wrote:
> I am glad to see that this draft was finally posted, but it does not
> reflect my recollection of the working group consensus prior to the San
> Francisco IETF meeting.
>
> I am very pleased to see SHOULD+, SHOULD-, and MUST-. These provide
> important guidance to product planners.
>
> In section 4.1.1 on IKEv2 Encrypted Payload Algorithms, I expected:
>
> MUST Three-key Triple-DES in CBC mode
> SHOULD+ 128-bit AES in CBC mode
>
> In section 4.1.2, I expected no mention of elliptic curves. The working
> group abandoned work in this area many months ago. Also, I expected:
>
> MUST 1024
> SHOULD 1536
> SHOULD+ 2048
>
> In section 4.1.3 on IKEv2 Transfer Type 1 Algorithms, I expected two of
> the entries to have different requirements:
>
> MUST ENCR_3DES (assuming that this is 3-key 3DES in CBC mode)
> SHOULD+ ENCR_AES_128_CBC
>
> In section 4.1.4 on IKEv2 Transfer Type 2 Algorithms, I expected two of
> the entries to have different requirements:
>
> MAY PRF_HMAC_MD5
> SHOULD PRF_AES128_CBC
>
> I also thought that we were going to define a shorthand way to configure
> different devices to use the same selections from the a la carte menu.
> At a minimum, we should come up with a name for the collection of MUST
> algorithms.
>
> Do others have different recollections and expectations?
>
> Russ