On Mon, 28 Sep 2015, Tero Kivinen wrote:
I think there should be update for that document too, as it now
defines following madantory to implement algorithms:
1024 MODP Group, ENCR_3DES, PRF_HMAC_SHA1, AUTH_HMAC_SHA1_96.
And I think at least the 1024-bit MODP groupp, and perhaps the 3DES
also should be changed to something more suitable. For exmple 2048-bit
MODP group and ENCR_AES_CBC...
Perhaps this time?
It is. especially 2048 modp would be good, as most IKEv2 implementations
already try that as their default group. Demoting 3des/m5/sha1 and
pulling in aes_gcm and sha2 would be good I think.
Paul
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
