Re: Editorial: Use of MAY in draft-ietf-ipsec-ikev2-algorithms



Yoav Nir wrote:
>It MAY be simple, but it is wrong, so it SHOULD NOT be used.  WEP offers
>128-bit keys, but only 24-bit security (or 12, depending on your definition)

That's irrelevant: WEP isn't on the list of recommended algorithms.
If our recommended key sizes were inadequate, then complain about
that.  But I think that you'll find that the default key sizes in
draft-...-ikev2-algorithms are eminently reasonable.

I think you're making this more complicated than it should be.
Let me take this to absurd extremes: Imagine adding a sentence
to the standard saying "All IPSec implementations MUST be secure.
Insecure implementations are non-complying."  Such a sentence would
add little value, because it doesn't tell the implementor *how* to
achieve compliance.  The purpose of the standard is not to list a set
of requirements or desirable features; the purpose of the standard is
to promote interoperability and to specify a protocol that (we believe)
meets those requirements.