[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Eliminating "SHOULD-" from draft-ietf-ipsec-algorithms

To: paul.hoffman@vpnc.org
Subject: Re: Eliminating "SHOULD-" from draft-ietf-ipsec-algorithms
From: Paul Koning <pkoning@equallogic.com>
Date: Wed, 4 Jun 2003 11:32:19 -0400
Cc: ipsec@lists.tislabs.com
References: <p05210635bb02dd25f1c7@[63.202.92.152]>
Sender: owner-ipsec@lists.tislabs.com

>>>>> "Paul" == Paul Hoffman </ VPNC <paul.hoffman@vpnc.org>> writes:

 Paul> ...

 Paul> There is no good reason for DES to be a SHOULD or a SHOULD-. No
 Paul> one who cares about security would use it, and the only reason
 Paul> we see it in use in IPsec today is that it is still the MUST
 Paul> for IKEv1. Any use of DES should be a MAY.

I'd prefer SHOULD NOT for ENCR_DES.  As for ENCR_DES_IV64, why is that
mentioned at all?  Has it ever been seen in the wild?  I'd just drop
that one entirely.

     paul

References:
- Eliminating "SHOULD-" from draft-ietf-ipsec-algorithms
  - From: Paul Hoffman / VPNC <paul.hoffman@vpnc.org>

Prev by Date: Re: need for encrypting IKE QM exchange
Next by Date: protocol encoding in proposal differs from IKEv1
Prev by thread: Re: Eliminating "SHOULD-" from draft-ietf-ipsec-algorithms
Next by thread: Promoting PRF_AES128_CBC and AUTH_AES_XCBC_96 from SHOULD toSHOULD+
Index(es):
- Date
- Thread