Hi Paul,

> > and define a default key length for the case when it is absent (e.g. 256
> > bits).
>
> Do not do this. There are broken implementations and interop issues on
> this already by broken clients who don't send or omit to send KEY_LENGTH
> (old versions of us included).

I don't buy this argument. There will always be broken implementations and implementers who don't read the documents. We cannot improve human beings.

> > It'll allow us to save few bytes by omitting attribute for most common
> > cases.
>
> Not worth it.

I agree that the win is small, but we can get it for free. After all, implicit IV is intended to be used in situations when extra bytes on the wire are expensive, so making the IKE SA payload smaller for these particular transforms makes sense. But I definitely don't insist.

Regards,
Valery.

> Paul
