Hi Paul, I meant implementations conforming to the RFC 4307 which implemented the group 2. However, users must not use the group 2 because it is not secure at this time.
If we want users not to use bad options, then we must prohibit them with "MUST NOT" for implementations. There are no reasons for saying "allowed" to implement them while asking users not to use them unless we want to say to users they are allowed to be used. This text "On the other hand, comments and recommendations from this document are also expected to be useful for such users." and the document says that the groups 2 and 5 are allowed "SHOULD NOT, not MUST NOT". All of these seem to tell users that these groups are allowed to use. Regards, Quynh. ________________________________________ From: Paul Wouters <[email protected]> Sent: Wednesday, May 11, 2016 2:15 PM To: Dang, Quynh (Fed) Cc: IPsecME WG Subject: Re: [IPsec] I-D Action: draft-ietf-ipsecme-rfc4307bis-08.txt On Wed, 11 May 2016, Dang, Quynh (Fed) wrote: > We should explain that current MTI group is the group 2. But it is not? The only MUST entry for Type 4 is Group 14 (modp2048) Group 2 is SHOULD NOT. > However, users shall not use that group and the group. We should create a > similar statement for SHA1 in signatures. What users should or should not do and what implementations offer as default or not are out of scope for this document as explained in: https://tools.ietf.org/html/draft-ietf-ipsecme-rfc4307bis-07#section-1.3 The recommendations of this document mostly target IKEv2 implementers as implementations need to meet both high security expectations as well as high interoperability between various vendors and with different versions. Interoperability requires a smooth move to more secure cipher suites. This may differ from a user point of view that may deploy and configure IKEv2 with only the safest cipher suite. On the other hand, comments and recommendations from this document are also expected to be useful for such users. In other words, the document sets the lowest acceptable bar. An implementation only implementing MUST algorithms is obviously more secure than an implementation that implements SHUOLD NOT algorithms. Paul _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
