On Sun, 9 Mar 2014, Yoav Nir wrote:
Some people in the room said that we should only do the AEAD and skip the
stand-alone algorithms. This would prevent SAs with combinations such
as ChaCha20 + HMAC-SHA1 or AES-128-CBC + Poly1305.
I'm not saying whether we need or don't need these combinations. I don't see
much use for them personally. My question to the list now is
whether everyone agrees that it's fine to drop them and leave only the combined
mode algorithm in the draft.
Yes. We have too many algorithms in IKE already. If we believe that
combined mode algorithms are better than classic ENCR+INTEG algorithms,
and I think we do, than we should not be adding more old style ENCR+INTEG
algorithms.
Paul
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
