[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Eliminating "SHOULD-" from draft-ietf-ipsec-algorithms
>>>>> "Paul" == Paul Hoffman </ VPNC <paul.hoffman@vpnc.org>> writes:
Paul> ...
Paul> There is no good reason for DES to be a SHOULD or a SHOULD-. No
Paul> one who cares about security would use it, and the only reason
Paul> we see it in use in IPsec today is that it is still the MUST
Paul> for IKEv1. Any use of DES should be a MAY.
I'd prefer SHOULD NOT for ENCR_DES. As for ENCR_DES_IV64, why is that
mentioned at all? Has it ever been seen in the wild? I'd just drop
that one entirely.
paul