Hi, Paul

I think we need an RFC to at least categorize the algorithms, unless we want the IANA registry to have stuff like “SHOULD-” and “MAY+”.

> On 18 Dec 2018, at 6:14, Paul Wouters <[email protected]> wrote:
>
> Recently we had a discussion about mapping IANA entries to a yang model,
> and the question came up whether we should add a deprecated marker to the
> IKE/ESP registries for algorithms.
>
> I thought it was a good idea, but not everyone agreed.
>
> I just stumbled upon RFC 7696: Guidelines for Cryptographic Algorithm Agility
> and Selecting Mandatory-to-Implement Algorithms
>
> Section 2.1: Algorithm Identifiers
>
>    In the IPsec protocol suite, the Internet Key Exchange Protocol
>    version 2 (IKEv2) [RFC7296] carries the algorithm identifiers for the
>    Authentication Header (AH) [RFC4302] and the Encapsulating Security
>    Payload (ESP) [RFC4303]. Such separation is a completely fine design
>    choice. [...]
>
>    An IANA registry SHOULD be used for these algorithm or suite
>    identifiers. Once an algorithm identifier is added to the registry,
>    it should not be changed or removed. However, it is desirable to
>    mark a registry entry as deprecated when implementation is no longer
>    advisable.
>
> So there is even an RFC stating that we should really do this :)
>
> I guess the main question is, can we add these via a request to IANA
> based on RFC 8221 and 8247, or do we need to write a short RFC with
> requests to IANA?
>
> Paul
>
> _______________________________________________
> IPsec mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/ipsec
