Dan Harkins writes:
> I don't actually see what the problem is that this note would solve.
> Unless there's a problem then I have an objection to adding this note.
> Can you restate the problem?

Mostly because then saying integrity protection with SHA-1 is not well defined anymore. Currently it is assumed it always means AUTH_HMAC_SHA1_96, but if implementations start supporting AUTH_HMAC_SHA1_160 too, then the GUI etc needs to be modified to be explicit about the truncation length, and that just causes confusion and interoperability problems. Especially as I do not know any implementation out there that supports AUTH_HMAC_SHA1_160 for IP use...
-- 
[email protected]
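
The interoperability problem described in the message above, as an added example that is not part of the original mail: two peers share a key and both are configured for "SHA-1" integrity, but each side resolves that label to a different truncation length. The toy packet layout (payload followed by ICV), the key and the payload are constructed assumptions, not a real ESP encoding.

```python
import hashlib
import hmac

# ICV lengths in bytes for the two SHA-1 integrity transforms named in the message.
ICV_LEN = {"AUTH_HMAC_SHA1_96": 12, "AUTH_HMAC_SHA1_160": 20}


def icv(transform: str, key: bytes, data: bytes) -> bytes:
    """HMAC-SHA1 over data, truncated to the transform's ICV length."""
    return hmac.new(key, data, hashlib.sha1).digest()[: ICV_LEN[transform]]


def protect(transform: str, key: bytes, payload: bytes) -> bytes:
    """Toy packet (assumed layout): payload followed by the ICV."""
    return payload + icv(transform, key, payload)


def verify(transform: str, key: bytes, packet: bytes) -> bool:
    """Split off the trailing ICV using the receiver's own length, then check it."""
    n = ICV_LEN[transform]
    if len(packet) < n:
        return False
    payload, tag = packet[:-n], packet[-n:]
    return hmac.compare_digest(tag, icv(transform, key, payload))


def interop_matrix(key: bytes, payload: bytes) -> dict:
    """Verification result for every sender/receiver transform pairing."""
    return {
        (s, r): verify(r, key, protect(s, key, payload))
        for s in ICV_LEN
        for r in ICV_LEN
    }


# Constructed sample values, for illustration only.
KEY = bytes(range(20))
PAYLOAD = b"constructed sample payload"

if __name__ == "__main__":
    for (s, r), ok in interop_matrix(KEY, PAYLOAD).items():
        print(f"sender={s:<19} receiver={r:<19} verified={ok}")
```

Both mismatched pairings fail even though the key and hash are identical, because the receiver cuts the ICV boundary at the wrong offset.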
