On Mon, 12 Oct 2015, Paul Hoffman wrote:

> > On the other hand I assume that in practice those IoT implementations
> > are going to ignore this completely, and only implement the ciphers
> > they use, and they will not be implementing all mandatory to implement
> > ciphers, as they do not have space for them.
>
> This is a reasonable observation about deployment of IPsec. In the pre-IoT past, we have had the same discussion, with some developers saying "I am supposed to write a system for a particular customer who has a particular set of algorithms that they have chosen for their application; why should that be considered out of compliance with the IETF?"

Right, and comments on that can go into draft-ietf-lwig-ikev2-minimal

> Thus, the WG needs to decide what the desired scope of the requirements for this document is and put them into the document. Without that, we can endlessly debate about particular choices for "MUST" and even "SHOULD".

My preference is for one document to clarify all crypto considerations
and updates. And for that document to update 7296.

Paul
