On Wed, 23 Nov 2022, Tero Kivinen wrote:
I.e., the main reason being that group 2 was only MUST algorithm before, and moving it from MUST to MUST NOT while we do not have any other algorithms as MUST was considered bad. Also the group is formed in a deterministic way which should not make it possible that the group is created to be weak from the beginning.
Right, so if we were to update 8247 (post IKEv1 historicness), we should do:

* AES_GCM_16 from SHOULD to MUST
* AES_CBC from MUST to SHOULD
* 3DES from MAY to MUST NOT
* PRF_HMAC_SHA1 from MUST- to SHOULD
* AUTH_HMAC_SHA1_96 from MUST- to SHOULD
* 1024-bit MODP Group from SHOULD NOT to MUST NOT
* 1536-bit MODP Group from SHOULD NOT to MUST NOT

Arguably, the SHA1 entries could go to MUST NOT because no one should have ever had a need for those for IKEv2.

Paul
