On Fri, 20 Nov 2015, Tommy Pauly wrote:
On a broader note, many of the SHOULD algorithms (ENCR_AES_CCM_8, PRF_AES128_CBC, AUTH_AES-XCBC) are justified as being present for the purposes of Internet of Things devices. I tend to think that it would be more straightforward to have a separate document that explains the preferred algorithms for IoT devices (an IKEv2 profile for IoT, for example). However, if we do want to keep them in this document, I think it would help to have a section in the introduction to the document explaining the use case for the IoT devices and why they are now included in the bis document, whereas they were not relevant yet in RFC 4307. It may also be helpful to qualify the SHOULDs as pertaining more, perhaps, to servers; traditional VPN clients would generally not be interacting with IoT devices directly, and thus would have little reason to implement these algorithms.
I would suggest if we want to do that, to just use a [*] notation where the [*] gets explained as "For interoperability with IoT clients only". I would not want to leave it out because that will cause us to get servers that won't support IoT devices.

Paul
