On Sun, Nov 27, 2022 at 2:03 PM Paul Wouters <[email protected]> wrote:

> On Wed, 23 Nov 2022, Tero Kivinen wrote:
>
> > I.e., the main reason being that group 2 was only MUST algorithm
> > before, and moving it from MUST to MUST NOT while we do not have any
> > other algorithms as MUST was considered bad. Also the group is formed
> > in a deterministic way which should not make it possible that the
> > group is created to be weak from the beginning.
>
> Right, so if we were to update 8247 (post ikev1 historicness), we should
> do:
>
> * AES_GCM_16 from SHOULD to MUST
> * AES_CBC from MUST to SHOULD
> * 3DES from MAY to MUST NOT
>
> * PRF_HMAC_SHA1 from MUST- to SHOULD
>
> * AUTH_HMAC_SHA1_96 from MUST- to SHOULD
>

It is tempting to speed it up to SHOULD NOT though SHA1 may not be a big issue there.

> * 1024-bit MODP Group from SHOULD NOT to MUST NOT
> * 1536-bit MODP Group from SHOULD NOT to MUST NOT
>
> Arguably, the SHA1 entries could go to MUST NOT because no one should
> have ever had a need for those for IKEv2.
>
> Paul
>
> _______________________________________________
> IPsec mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/ipsec
>

--
Daniel Migault
Ericsson
