[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Eliminating "SHOULD-" from draft-ietf-ipsec-algorithms

>>>>> "Paul" == Paul Hoffman </ VPNC <paul.hoffman@vpnc.org>> writes:

 Paul> ...

 Paul> There is no good reason for DES to be a SHOULD or a SHOULD-. No
 Paul> one who cares about security would use it, and the only reason
 Paul> we see it in use in IPsec today is that it is still the MUST
 Paul> for IKEv1. Any use of DES should be a MAY.

I'd prefer SHOULD NOT for ENCR_DES.  As for ENCR_DES_IV64, why is that
mentioned at all?  Has it ever been seen in the wild?  I'd just drop
that one entirely.