I agree with the comments. That section needs a rewrite. A couple of points I wanted to raise, however:
- In this document, we want to describe the situation as it is in the other RFCs. For instance, if the IPsec RFCs say you must support AH and ESP then we say it here too. If the situation changes in the future then we we will be updating this spec. - The same applies to algorithms as well. Someone complained about the many algorithms. Some algorithms (DES, MD5, SHA1) are mandated by the RFCs. However, in this case we have a serious problem in the sense that the IPsec RFCs are from some other millenium and the encryption algorithm choices are considered bad by the IPsec WG and others. I'm personally NOT going to feel very good about accepting a document that says you MUST use DES without even mentioning that its actually a bad choice. One should consider 3DES or AES instead. So I think we need to state something about those algorithms too. I wish the IPsec WG completed the AES spec (not sure about current status) so we could at least forget 3DES. In conclusion its not very easy to get rid of the long list of algorithms. Jari -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
