On Wed, 20 Jan 2016, Daniel Migault wrote:
Please find the working version of version 03:
https://github.com/mglt/drafts/commit/40e6a1e0e99064b54a328e27f0c3d498c2c7164c
Feel free to provide comments.
+ <t>The recommendations of this document mostly target IKEv2 implementers
as implementations needs to meet
Remove "mostly"?
implementations needs to meet both high security expectations as well as high
interoperability between various vendors
"high interoperability" does not really work for me. How about "wide
interoperability" or industry-wide or "a wide range of
interoperability".
a user -> an user
Avoid the word "cipher suites" because it kind of has a TLS meaning. How
about safest algorithms ?
On the other hand, -> Although
+ <t>Group 22-24 or 1024-bit MODP Group with 160-bit and 2048-bit MODP Group with 224-256-bit Prime Order
+ Subgroup are exposed to synchronization or transcription attacks.</t>
I'd split this up. 1024-bit MODP Group is getting too weak to be
expected to provide a
Here are the recommendations -> Recommendations
lower than 2048 -> smaller than 2048
B) PKIX
Do we need something more ?
Maybe try and limit it and see the PKIX authenticatiom should use an
algorithm of equal of stronger security than the PRF/INTEG ?
C) Intended Audience:
Specifying the implementer vs users:
See above.
Perhaps after this bump the draft and ask the WG for feedback?
Paul
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
