let us for a moment assume that RFC 4307 makes some reasonable algorithm choices (we are talking about IKEv2 here). If we take the text and apply it to EAP-GPSK then we would produce something like:Conservative Choice: ----------------------- (Integrity) AUTH_HMAC_SHA1_96 2 [RFC2404] MUST (Encryption) ENCR_3DES 3 [RFC2451] MUST- (Key Derivation) PRF_HMAC_SHA1 2 [RFC2104] MUST(Note that there is no MUST for encryption algorithms specified in RFC 4307.)Choice for the Future: ----------------------- (Encryption) ENCR_AES_CBC 12 [AES-CBC] SHOULD+ (Integrity) AUTH_AES_XCBC_96 5 [AES-MAC] SHOULD+ (Key Derivation) PRF_AES128_CBC 4 [AESPRF] SHOULD+ Does this sound like a terrible bad idea?
Actually, it sounds reasonable to me. _______________________________________________ Emu mailing list [email protected] https://www1.ietf.org/mailman/listinfo/emu
