> As Warren asked us to check the option of combining both drafts,
> I'm not sure if a general vote for one draft is the best way forward.
>
> I would appreciate if all interested parties (incl Tom and David)
> could indicate their preference in the following 3 questions:
>
> 1. Should the protocols be described
>    a) as "diff" to the previous protocols like done in draft-hmac, or
>    b) completely and based on a description of a generic hmac-based
>       authentication protocol, as done in draft-hartman?

a. as "diff"

> 2. Should the protocols be based on complete or truncated HMACs?

truncated

> 3. Which (sub)set of protocols (hash function, MAC length) should be selected?

usmHMAC192SHA256AuthProtocol and usmHMAC384SHA512AuthProtocol.
I don't have a strong opinion on this, I only pick these 2 based on
comments from Wes and Uri who both understand security better than I do.

Wes> I'm not entirely convinced that a 256bit truncation is better than a
Wes> 384 bit truncation, so my preference would be to include just two
Wes> algorithms because I don't think they're all needed and will just make
Wes> things more confusing. So I'd pick the best two of the 6 and go with
Wes> them, for which my preference would be:
Wes> 1) MUST: usmHMAC192SHA256AuthProtocol
Wes>    SHOULD: usmHMAC384SHA512AuthProtocol
Wes> 2) MUST: usmHMAC192SHA256AuthProtocol
Wes>    SHOULD: usmHMAC256SHA512AuthProtocol

Uri> Can we have mandatory-to-implement in an "optional" RFC? Assuming the
Uri> answer is yes, I'd recommend:
Uri> For those who implement this RFC, usmHMAC192SHA256AuthProtocol is MUST,
Uri> usmHMAC384SHA512AuthProtocol is SHOULD, everything else is MAY.

-David Reid
