We did update cryptographic algorithms for ESP and AH (RFC4305->4835->7321), but we have never updated RFC4307.

I think there should be an update for that document too, as it now defines the following mandatory to implement algorithms: 1024 MODP Group, ENCR_3DES, PRF_HMAC_SHA1, AUTH_HMAC_SHA1_96. And I think at least the 1024-bit MODP group, and perhaps the 3DES also, should be changed to something more suitable. For example 2048-bit MODP group and ENCR_AES_CBC...

We had this discussion about two years ago last time, but nothing came out from there (Hmm.. did I promise to do something, I hope not). Perhaps this time?

https://www.ietf.org/mail-archive/web/ipsec/current/msg08597.html
--
[email protected]
