[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Editorial: Use of MAY in draft-ietf-ipsec-ikev2-algorithms

At 6:34 PM +0000 6/11/03, David Wagner wrote:
>It's not what size keys the cipher supports that matters; it's what size
>keys are standardized for use in IPSEc.

Exactly right.

>Maybe we should add a line to RFC2451 saying that users SHOULD NOT
>use key sizes shorter than the default.  There's no good reason to use
>shorter keys.  This addition would make everything consistent with a
>SHOULD NOT policy for DES.  Will this make everyone happy?

It would certainly make me happier. That way, we would not be having 
different recommendations for IKEv1 than what we have for IKEv2. 
Actually, a complete revision to RFC 2451 would be nice, including 
removing algorithms for which there are not stable references.

--Paul Hoffman, Director
--VPN Consortium