On Wed, 9 Oct 2013, Tero Kivinen wrote:
> I think the changes we would like to do there are:
>
> Downgrade Diffie-Hellman group 2 (1024-bits) from MUST- to SHOULD.

Actually, 4307 states:

   3.1.2. Diffie-Hellman Groups

   There are several Modular Exponential (MODP) groups that are defined
   for use in IKEv2. They are defined in both the [IKEv2] base document
   and in the MODP extensions document. They are identified by group
   number. Any groups not listed here are considered as "MAY be
   implemented".

      Group Number   Bit Length        Status    Defined
      2              1024 MODP Group   MUST-     [RFC2409]
      14             2048 MODP Group   SHOULD+   [RFC3526]

which seems to imply 768 MODP group is "MAY". Which is confirmed in RFC
4109. So I think we should also update 768 MODP group to MUST NOT.

> Downgrade ENCR_3DES from MUST- to MAY

I'm not sure how I feel about that. There are still not many
alternatives to AES, and I think having 3DES in there is good. Yes, it is
slow, but I don't think it has been concluded to be weak or insecure.

> Then we might want to think whether we want to add new algorithms,
> i.e. "AES_GCM with an 8/12/16 octet ICV", PRF_HMAC_SHA2_256/384/512,
> or AUTH_HMAC_SHA2_256_128/384_192/512_256. In all of those I think we
> might want to pick one length and make that SHOULD...

Sounds good.

Paul
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
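
An added example, not part of the original message or of any IPsec implementation: a parser for IKEv2 Transform substructures (RFC 7296, section 3.3.2) that flags offered transforms whose status this thread proposes to lower. The sample proposal bytes are constructed, the helper names are hypothetical, and the notes restate the thread's proposals rather than any published requirement level.

```python
import struct

# Transform types and IDs from the IANA IKEv2 registry (only those named in the thread).
ENCR, PRF, INTEG, DH = 1, 2, 3, 4
NAMES = {
    (ENCR, 3): "ENCR_3DES", (ENCR, 12): "ENCR_AES_CBC",
    (DH, 1): "768-bit MODP", (DH, 2): "1024-bit MODP", (DH, 14): "2048-bit MODP",
}
# Positions taken in the thread: proposals under discussion, not published status.
FLAGGED = {
    (DH, 1): "proposed MUST NOT",
    (DH, 2): "proposed downgrade from MUST- to SHOULD",
    (ENCR, 3): "proposed downgrade from MUST- to MAY (contested)",
}

def parse_transforms(buf):
    """Return [(type, id), ...] from a run of Transform substructures."""
    out, off = [], 0
    while True:
        if len(buf) - off < 8:
            raise ValueError("truncated transform header")
        last, _, length, ttype, _, tid = struct.unpack_from("!BBHBBH", buf, off)
        if length < 8 or off + length > len(buf):
            raise ValueError("bad transform length")
        if last not in (0, 3):
            raise ValueError("bad last-substructure marker")
        out.append((ttype, tid))
        off += length  # skips any attributes, e.g. Key Length
        if last == 0:  # 0 marks the final transform, 3 means more follow
            return out

def audit(buf):
    """Return (name, note) for each offered transform the thread wants changed."""
    return [(NAMES.get(t, f"type {t[0]} id {t[1]}"), FLAGGED[t])
            for t in parse_transforms(buf) if t in FLAGGED]

def _t(more, ttype, tid, attrs=b""):
    # Hypothetical helper that builds one Transform substructure for the sample.
    return struct.pack("!BBHBBH", 3 if more else 0, 0, 8 + len(attrs), ttype, 0, tid) + attrs

KEYLEN_128 = struct.pack("!HH", 0x800E, 128)  # Key Length attribute in TV format
SAMPLE = b"".join([  # constructed proposal, not captured traffic
    _t(True, ENCR, 12, KEYLEN_128), _t(True, ENCR, 3), _t(True, PRF, 5),
    _t(True, INTEG, 12), _t(True, DH, 14), _t(True, DH, 2), _t(False, DH, 1),
])

if __name__ == "__main__":
    for name, note in audit(SAMPLE):
        print(f"{name}: {note}")
```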