Fine with me Sent from my iPhone
> On Apr 7, 2016, at 11:09, Tero Kivinen <[email protected]> wrote: > > Valery Smyslov writes: >> After re-reading the draft I think that I'm also a bit unhappy with >> the way the last table (Section 4.2) is introduced. The draft says >> that this table is: >> >> Recommendation of Authentication Method described in [RFC7427] >> notation. >> >> However, the values from this table are just examples in RFC7427. >> Why exactly these algorithms were selected for recommendation? > > Note, that most of them are MAY, so we should really remove them from > this draft. And they are the algorithms we expect people to use. > >> What about others (EdDSA, GOST etc)? > > EdDSA is just about getting oid, so we cannot really list it here. For > GOST I have no idea what the oid would be. Both of them would be in > the same level as sha256WithRSAEncryption, sha384WithRSAEncryption, > sha512WithRSAEncryption, sha512WithRSAEncryption, dsa-with-sha256, > ecdsa-with-sha384, and ecdsa-with-sha512. > >> I understand that the algorithms listed were probably most popular >> (at least some of them) at the time RFC 7427 ws written. But why >> continue to maintain this list, when it is just a list of examples >> in RFC7427? > > One of the reason RF7427 lists that many oids, is that there is no > centralized registry for them. I.e. you cannot go somewhere and get > list of OIDs you can use for signatures, so RF7427 tried to collect > all signature algortihms people might use. > > Anyways I think we need to remove all that is not SHOULD or SHOULD NOT > from the list, i.e., everything we have MAY recommendation in the > list. > >> Well, I understand that some recommendations should be given. >> But probably only those signing algorithms that have non-MAY >> status should be listed and a note should be added that >> all others are MAY (that will refer to any unlisted signature >> algorithm)? > > I agree on removing all MAY algorithms, we do not need note, as that > is already said in the section 1.2. > -- > [email protected] > > _______________________________________________ > IPsec mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/ipsec _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
