Re: draft-ietf-ipsec-ikev2-algorithms-00.txt
I agree. Jeff indicated in a conversation earlier this week
that he is updating his draft accordingly.
thanks,
Barb
At 06:46 AM 5/30/2003, Stephen Kent wrote:
At 11:33 AM -0400 5/23/03, Russ Housley wrote:
I am glad to see that this draft was finally
posted, but it does not reflect my recollection of the working group
consensus prior to the San Francisco IETF meeting.
I am very pleased to see SHOULD+, SHOULD-, and MUST-. These provide
important guidance to product planners.
In section 4.1.1 on IKEv2 Encrypted Payload Algorithms, I expected:
MUST Three-key Triple-DES in CBC mode
SHOULD+ 128-bit AES in CBC mode
In section 4.1.2, I expected no mention of elliptic curves. The
working group abandoned work in this area many months ago. Also, I
expected:
MUST 1024
SHOULD 1536
SHOULD+ 2048
In section 4.1.3 on IKEv2 Transfer Type 1 Algorithms, I expected
two of the entries to have different requirements:
MUST ENCR_3DES (assuming that this is 3-key 3DES in CBC mode)
SHOULD+ ENCR_AES_128_CBC
In section 4.1.4 on IKEv2 Transfer Type 2 Algorithms, I expected two of
the entries to have different requirements:
MAY PRF_HMAC_MD5
SHOULD PRF_AES128_CBC
I also thought that we were going to define a shorthand way to configure
different devices to use the same selections from the a la carte
menu. At a minimum, we should come up with a name for the
collection of MUST algorithms.
Do others have different recollections and expectations?
Russ
Russ,
Your comments above match my recollection of what was agreed upon and
documented in earlier drafts by Paul.
Steve