
Re: draft-ietf-ipsec-ikev2-algorithms-00.txt



I just submitted a new version to the I-D Directory that I believe 
addresses these comments.

			-Jeff

Russ Housley wrote:
> I am glad to see that this draft was finally posted, but it does not 
> reflect my recollection of the working group consensus prior to the San 
> Francisco IETF meeting.
> 
> I am very pleased to see SHOULD+, SHOULD-, and MUST-.  These provide 
> important guidance to product planners.
> 
> In section 4.1.1 on IKEv2 Encrypted Payload Algorithms, I expected:
> 
>     MUST        Three-key Triple-DES in CBC mode
>     SHOULD+     128-bit AES in CBC mode
> 
> In section 4.1.2, I expected no mention of elliptic curves.  The working 
> group abandoned work in this area many months ago.  Also, I expected:
> 
>     MUST        1024
>     SHOULD      1536
>     SHOULD+     2048
> 
> In section 4.1.3 on IKEv2 Transfer Type 1 Algorithms, I expected two of 
> the entries to have different requirements:
> 
>     MUST        ENCR_3DES (assuming that this is 3-key 3DES in CBC mode)
>     SHOULD+     ENCR_AES_128_CBC
> 
> In section 4.1.4 on IKEv2 Transfer Type 2 Algorithms, I expected two of 
> the entries to have different requirements:
> 
>     MAY         PRF_HMAC_MD5
>     SHOULD      PRF_AES128_CBC
> 
> I also thought that we were going to define a shorthand way to configure 
> different devices to use the same selections from the a la carte menu.  
> At a minimum, we should come up with a name for the collection of MUST 
> algorithms.
> 
> Do others have different recollections and expectations?
> 
> Russ