> On Sep 28, 2015, at 6:57 PM, Michael Richardson <[email protected]> wrote:
>
>
> Tero Kivinen <[email protected]> wrote:
>> We did update cryptographic algorithms for ESP and AH
>> (RFC4305->4835->7321), but we have never updated the RFC4307.
>
>> I think there should be an update for that document too, as it now defines
>> the following mandatory to implement algorithms:
>
>> 1024 MODP Group, ENCR_3DES, PRF_HMAC_SHA1, AUTH_HMAC_SHA1_96.
>
>> And I think at least the 1024-bit MODP group, and perhaps the 3DES
>> also should be changed to something more suitable. For example 2048-bit
>> MODP group and ENCR_AES_CBC...
>
> I guess the can-o-worms called ECDSA will show up too as a SHOULD+.

Does it have to? 4307 does not mention any signature algorithms. ECDH with NIST curves and/or the new curves might should make an appearance.

> Does 3DES go to MAY?

I think so.

> Does SHA1 go to MUST-?
>
> We hadn't listed SHA2 at all before.
> We also have no GCM/CCM things specified.
>
> Are we obligated to list them as SHOULD+ for a while?

I think we should reflect what is common/best practice now. AES-GCM is now widely implemented and faster than the combination of AES-CBC and HMAC-SHA-something. I think it’s a prime candidate for MUST. CTR was always uncommon. ChaCha20+Poly1305 is so new that it can't be MUST this iteration. Maybe next time.

> I think that the updates will otherwise be non-controversial.

Maybe.

Yoav
