Re: The remaining IKEv2 issues
Paul Hoffman / VPNC writes:
> the XAUTH fiasco. Saying "'MUST NOT' or 'SHOULD NOT' do the things
> that your customers are demanding" is a really good way to cripple
> IKEv2 deployment.
I agree that "MUST NOT" will be crippling the deployment, but "SHOULD
NOT" is fine. From the RFC-2119:
----------------------------------------------------------------------
4. SHOULD NOT This phrase, or the phrase "NOT RECOMMENDED" mean that
there may exist valid reasons in particular circumstances when the
particular behavior is acceptable or even useful, but the full
implications should be understood and the case carefully weighed
before implementing any behavior described with this label.
----------------------------------------------------------------------
So I think non-kg EAP methods SHOULD NOT be used. There are cases
where they are acceptable, or even useful, but the full implications
of using them should be understood...
--
kivinen@ssh.fi
SSH Communications Security http://www.ssh.fi/
SSH IPSEC Toolkit http://www.ssh.fi/ipsec/