Daniel Migault writes: > I have the impression the recommendation goes beyond the scope of > IKEv2 and is more targeting Certificates. On the other hand, having > these requirements would make all cryptographic requirements fit > into a single document IKEv2 As a result, I would rather have a > section with a link to a document that contains requirements that > are specific to the Certificates.
Partially yes, but the final certificate is also used in the IKEv2 for the authentication, so at least specifying something about that in here would be in line with RFC7296. Also as we currently do say bit sizes in the RFC7296, I think it is good idea to keep them up to date. -- [email protected] _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
