Hi Jari, Thanks for the summary, I agree with you. Just a general note, the Node Requirements document cannot specify new behavior for IP security, I think it would be useful to have some work get started to review and update this info.
John > -----Original Message----- > From: ext Jari Arkko [mailto:[EMAIL PROTECTED]] > Sent: 15 December, 2002 11:56 > To: Gupta Mukesh (IPRG/MtView) > Cc: ext Richard Nelson; [EMAIL PROTECTED]; Loughney John > (NRC/Helsinki) > Subject: Re: draft-ietf-ipv6-node-requirements-01.txt > > > I agree with the comments. That section needs a rewrite. A couple > of points I wanted to raise, however: > > - In this document, we want to describe the situation as it is in > the other RFCs. For instance, if the IPsec RFCs say you must > support AH and ESP then we say it here too. If the situation > changes in the future then we we will be updating this spec. > > - The same applies to algorithms as well. Someone complained about > the many algorithms. Some algorithms (DES, MD5, SHA1) are mandated > by the RFCs. However, in this case we have a serious problem in > the sense that the IPsec RFCs are from some other millenium and > the encryption algorithm choices are considered bad by the IPsec > WG and others. I'm personally NOT going to feel very good > about accepting > a document that says you MUST use DES without even mentioning > that its actually a bad choice. One should consider 3DES > or AES instead. So I think we need to state something about > those algorithms too. I wish the IPsec WG completed the AES > spec (not sure about current status) so we could at least > forget 3DES. > > In conclusion its not very easy to get rid of the long list > of algorithms. > > Jari > > -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
