Yoav Nir writes: > > That same draft could also point references to the suitable cfrg > > document, and recommend not using the ph versions. > > Like this? > https://tools.ietf.org/html/draft-nir-ipsecme-eddsa-00
Yep. One nit: OLD To signal within IKE that no hashing needs to be done. A new value has to be signalled in the SIGNATURE_HASH_ALGORITHMS notification, one that indicates that no hashing is performed. NEW To signal within IKE that no hashing needs to be done, we need a new value in the SIGNATURE_HASH_ALGORITHMS notification to signal that. Why only SHOULD NOT for pre-hashed version? Would it not be better to just say MUST NOT? -- [email protected] _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
