> On Nov 21, 2018, at 00:54, Yoav Nir <[email protected]> wrote:
>
> Still, as long as AES-CBC and HMAC-SHA1 are in, even that 10-year-old Linux
> can work, which is why I agree with your conclusion, except for the tweak
> that MUST- is also OK.

Okay, if one of the expected deployments is 10-year-old IKEv2 code, then we should add AES-CBC. I don’t know of any IKEv2 code not supporting SHA2, so I would still suggest to leave SHA1 behind.

Paul

_______________________________________________
I2nsf mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/i2nsf
