let us for a moment assume that RFC 4307 makes some reasonable algorithm
choices (we are talking about IKEv2 here). If we take the text and apply it
to EAP-GPSK then we would produce something like:
Conservative Choice:
-----------------------
(Integrity)
AUTH_HMAC_SHA1_96 2 [RFC2404] MUST
(Encryption)
ENCR_3DES 3 [RFC2451] MUST-
(Key Derivation)
PRF_HMAC_SHA1 2 [RFC2104] MUST
(Note that there is no MUST for encryption algorithms specified in RFC
4307.)
Choice for the Future:
-----------------------
(Encryption)
ENCR_AES_CBC 12 [AES-CBC] SHOULD+
(Integrity)
AUTH_AES_XCBC_96 5 [AES-MAC] SHOULD+
(Key Derivation)
PRF_AES128_CBC 4 [AESPRF] SHOULD+
Does this sound like a terrible bad idea?
Actually, it sounds reasonable to me.
_______________________________________________
Emu mailing list
Emu@ietf.org
https://www1.ietf.org/mailman/listinfo/emu