Daniel Migault writes: > 1) MTI? > Are there any opinion to replace Mandatory to implement by something like > "Algorithm Implementation Requirements and Usage Guidance"or close to. This > designation seems more in scope with the different status.
I agree on that. > 2) 1024-bit MODP SHOULD NOT- ? > The current draft set 1024-bit MODP Group as SHOULD NOT with the following > explanation: > > """Group 2 or 1024-bit MODP Group is downgraded from MUST- to SHOULD NOT. It > was specified earlier, and now it is known to be weak against a nation state > attack, so its security margin is considered too narrow.""" > > My understanding from the discussion at the IETF94 was that we are trying to > avoid the +/- notation but instead clarify the status with some additional > text. Actually I think it might be better to just use text, and get rid of the + and -. > The current version only use the +/- notation for AUTH_HMAC_SHA2_512_256 > SHOULD+. Here are my question for the WG: > a) Do we want to keep the notation +/- ? I would get rid of the notation, as we now have text explaining more about the status of algorithms, and that text can express things more clearly than the + and - can. > b) if not would people agree with AUTH_HMAC_SHA2_512_256 set to > SHOULD I think it should be SHOULD. > Depending on the above outputs, are there any opinion for: > c) Changing the status from SHOULD NOT to SHOULD NOT + ? > d) Explicitely mentionning in the text that we expect it to downgraded to > MUST NOT in the near future. I do not know if it is near future, but sometime in future. And yes, I think we should state that. > 3) +/- notations? > If we keep the +/- notations, I agree we should define +/- only.I will change > that unless some people think it is a bad idea. > > 4) Curve25519 ? > Curve25519 is by default set to MAY. If we still have the -/+ notation would > people agree to have MAY+ for its status. If I remember correctly, we did not > mentionned Curve25519 to SHOULD as it is not yet widely deployed. By default > all non mentioned algorithms are set to MAY. Maybe having MAY+ would be good > alternative to show what we expect next and enable implementer to anticipate. > Here are my questions: > e) Should we upgrade Curve25519 to MAY+? I think we can have Curve25519 listed as MAY, with text explaining that if it gets widely implemented then it most likely will be upgraded to should or even must in the future. Btw, there is quite a lot of changes in the draft now, so I think it would be good idea to publish 02 version now, as drafts are easier to read than the changes in some repository. -- kivi...@iki.fi _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
