Can we make all the compression algorithms SHOULD NOT instead of MAY?
TLS got rid of compression altogether, there are numerous attacks on
compressed traffic, and even the document states that these algorithms
are not widely implemented.
Thanks,
Yaron
On 02/09/16 05:49, Paul Wouters wrote:
I just published draft-mglt-ipsecme-rfc7321bis-03 (well and -02)
(ietf announcement of these seems delayed?)
https://tools.ietf.org/html/draft-mglt-ipsecme-rfc7321bis-03
The changes are:
- Update 256-bit key sizes to MUST (except IoT) - similar to 4307bis
- Add Security Section from RFC7321
- Removed MAY algorithms (RC5, CAST, IDEA, ENCR_AES_CCM_16)
- Added note on ENCR_BLOWFISH
- Removed notes on removed MAY list entries (CCM & GCM flavours, GMAC,
CMAC))
- Removed non-ipsec entries and added note to introduction on these
- Removed no longer used RFC-4595 reference
I think this document is now ready for a call for adoption.
Paul
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
