Tero Kivinen <[email protected]> wrote: > We did update cryptographic algorithms for ESP and AH > (RFC4305->4835->7321), but we have never updated the RFC4307.
> I think there should be update for that document too, as it now defines
> following madantory to implement algorithms:
> 1024 MODP Group, ENCR_3DES, PRF_HMAC_SHA1, AUTH_HMAC_SHA1_96.
> And I think at least the 1024-bit MODP groupp, and perhaps the 3DES
> also should be changed to something more suitable. For exmple 2048-bit
> MODP group and ENCR_AES_CBC...
I guess the can-o-worms called ECDSA will show up too as a SHOULD+.
Does 3DES go to MAY?
Does SHA1 go to MUST-?
We hadn't listed SHA2 at all before.
We also have no GCM/CCM things specified.
Are we obligted to list them as SHOULD+ for awhile?
I think that the updates will otherwise be non-controversial.
--
Michael Richardson <[email protected]>, Sandelman Software Works
-= IPv6 IoT consulting =-
signature.asc
Description: PGP signature
_______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
