On Wed, 11 May 2016, Dang, Quynh (Fed) wrote:
> I meant implementations conforming to the RFC 4307 which implemented the group 2. However, users must not use the group 2 because it is not secure at this time.

I disagree that group 2 is not secure. If it was _really_ not secure it would be a candidate for an urgent MUST NOT.

> If we want users not to use bad options

That is outside the scope of this document.

> This text "On the other hand, comments and recommendations from this document are also expected to be useful for such users." and the document says that the groups 2 and 5 are allowed "SHOULD NOT, not MUST NOT". All of these seem to tell users that these groups are allowed to use.

That's not how I interpret that. I interpret that as "avoid when possible, there if really needed".

Paul
