[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: I-D ACTION:draft-ietf-ipsec-esp-ah-algorithms-00.txt
At 5:09 PM -0800 12/18/03, chris stillson wrote:
>The +/- distinction is splitting hairs. MUST/SHOULD/MAY are enough to
>convey any distinctions.
Errrr, the WG already agreed to these when we moved
draft-ietf-ipsec-ikev2-algorithms-04.txt out of the WG. The use in
this draft seems identical (other than the gratuitous SHOULD NOT for
DES).
> Also, although MD5 has some know problems,
>the fact that it's faster than SHA1 and provides enough security for
>most uses implies that it should be a "SHOULD", if not a "MUST"
The fact is that MD5 doesn't have the strength of SHA-1 (128 bits vs
160 bits). That is why SHA-1 is preferred in this context.
>Also, AES-CBC should be a "MUST".
This was discussed many times on the mailing list before WG last call
on the main algorithms document. When they all go into IETF Last
Call, you might want to bring it up again, but it would be a Really
Bad Thing to have the AH and ESP document have different requirements
than the algorithms document.
--Paul Hoffman, Director
--VPN Consortium