> On Sep 28, 2015, at 4:11 PM, Tero Kivinen <[email protected]> wrote:
>
> We did update cryptographic algorithms for ESP and AH
> (RFC4305->4835->7321), but we have never updated the RFC4307.
>
> I think there should be an update for that document too, as it now
> defines the following mandatory-to-implement algorithms:
>
> 1024 MODP Group, ENCR_3DES, PRF_HMAC_SHA1, AUTH_HMAC_SHA1_96.
>
> And I think at least the 1024-bit MODP group, and perhaps the 3DES
> also should be changed to something more suitable. For example 2048-bit
> MODP group and ENCR_AES_CBC...
>
> We had this discussion about two years ago last time, but nothing came
> out from there (Hmm.. did I promise to do something, I hope not).
>
> Perhaps this time?

Totally yes.

   Group Number   Bit Length        Status   Defined
   2              1024 MODP Group   MUST-    [RFC2409]

   MUST-   This term means the same as MUST. However, we expect at
           some point that this algorithm will no longer be a MUST in
           a future document. Although its status will be determined
           at a later time, it is reasonable to expect that if a
           future revision of a document alters the status of a MUST-
           algorithm, it will remain at least a SHOULD or a SHOULD-.

“Some point” has arrived, and I don’t think group #2 should even be SHOULD- at
this point.

So what should we specify now? My opinion:

DH Groups
   14: MUST
   19: SHOULD+

Type 1 algorithms:
   ENCR_AES_CBC: MUST-
   AES-GCM with 16 octet ICV: MUST
   ENCR_CHACHA20_POLY1305: SHOULD+

Type 2 algorithm:
   PRF_HMAC_SHA1: MUST-
   PRF_HMAC_SHA2_256: MUST
   PRF_HMAC_SHA2_512: SHOULD+

Type 3 algorithm:
   AUTH_HMAC_SHA1_96: MUST-
   AUTH_HMAC_SHA2_256_128: MUST
   AUTH_HMAC_SHA2_512_256: SHOULD+ (or maybe AUTH_AES_256_GMAC??)

Yoav