Yoav Nir <[email protected]> wrote:
>> Tero Kivinen <[email protected]> wrote:
>>> We did update cryptographic algorithms for ESP and AH
>>> (RFC4305->4835->7321), but we have never updated the RFC4307.
>>
>>> I think there should be an update for that document too, as it now
>>> defines the following mandatory to implement algorithms:
>>
>>> 1024 MODP Group, ENCR_3DES, PRF_HMAC_SHA1, AUTH_HMAC_SHA1_96.
>>
>>> And I think at least the 1024-bit MODP group, and perhaps the 3DES
>>> also should be changed to something more suitable. For example
>>> 2048-bit MODP group and ENCR_AES_CBC...
>>
>> I guess the can-o-worms called ECDSA will show up too as a SHOULD+.
> Does it have to? 4307 does not mention any signature algorithms. ECDH
> with NIST curves and/or the new curves might should make an appearance.
Sorry, that's what I meant to write, but my finger slipped.
>> Does 3DES go to MAY?
> I think so.
>> Does SHA1 go to MUST-?
>>
>> We hadn't listed SHA2 at all before. We also have no GCM/CCM things
>> specified.
>>
>> Are we obligated to list them as SHOULD+ for a while?
> I think we should reflect what is common/best practice now. AES-GCM is
> now widely implemented and faster than the combination of AES-CBC and
> HMAC-SHA-something. I think it’s a prime candidate for MUST. CTR was
> always uncommon. ChaCha20+Poly1305 is so new that it can't be MUST this
> iteration. Maybe next time.
Agreed.
--
Michael Richardson <[email protected]>, Sandelman Software Works
-= IPv6 IoT consulting =-
_______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
