On Wed, 13 Apr 2016, Yaron Sheffer wrote:
Anyways when we make Digital Signature authentication method a MUST,
we can also make RSASSA-PSS with SHA-256 a MUST.
The question there is should we already mark this fact by making it
now SHOULD+, as we do expect it to be next mandatory to implement
algorithm if Digital Signature authentication method really gets
deployed?
IMHO, yes.
I dont think we should make anything a SHOULD+ that we have not seen
interoperate in the wild. In fact, even a SHOULD is pushing it already,
but we really do want to push it in this case.
Paul
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
