Please take a look at these two documents:
draft-ietf-ipsec-ikev2-algorithms-04.txt
draft-ietf-ipsec-esp-ah-algorithms-01.txt
At 03:07 PM 2/13/2004 +0200, [EMAIL PROTECTED] wrote:
Hi all,
The Security AD commented the following:
> For Section 8, RFCs 2401, 2402, and 2406 are currently being revised by the IPsec group; that should be mentioned.
This is no problem.
> The crypto algorithm requirements should be better aligned with recommendations from the IPsec wg. There's a draft that lists 3DES as SHOULD, not MAY.
Would it be appropriate to mention something like:
The Security Area RECOMMENDS the use of 3DES.
> I think that IKEv? should be a SHOULD, not a MAY. While the IESG hasn't yet seen draft-bellovin-mandate-keymgmt, it will soon and it describes automated key management as a "strong SHOULD". That's certainly the consensus in the security area.
I think that the WG has gone through this several times, and SHOULD has always seemed problematic for some uses. Does anyone have any suggestions?
> More generically, I don't think that this WG should standardize weaker security requirements than the security area thinks are appropriate, without strong justification. (Stronger requirements are fine -- they may have a different operational environment, or a different threat model.)
My general comment is that if this document can point to existing RFCs for the security requirements, then I am happy to mandate whatever the pointers suggest (hint to the security area, provide pointers and I will include them).
thanks, John
--------------------------------------------------------------------
IETF IPv6 working group mailing list
[EMAIL PROTECTED]
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
