I think that would be a very useful document.
Quynh.
From: Paul Wouters <p...@nohats.ca>
Sent: Friday, August 11, 2017 11:05:59 AM
To: Dang, Quynh (Fed)
Cc: ipsec@ietf.org
Subject: Re: [IPsec] Preference of ESP over AH in RFC7321bis question.
On Fri,
Hi all,
In RFC 7321, we basically said that ESP is preferred over AH. However, that
recommendation is not in the current RFC7321bis.
Was that an accidental mistake or because people using AH wanted to remove that
recommendation ?
Thank you,
Quynh.
Hi Paul,
Thank you for sharing the paper.
A conclusion of the paper was "Our results are yet another reminder that
1024-bit primes should be considered insecure for the security of cryptosystems
based on the hardness of discrete logarithms. The discrete logarithm
computation for our
Hi Tero,
That was why I said "around" when talking about security strength.
Again, I like your proposed text change!
Regards,
Quynh.
From: Tero Kivinen <kivi...@iki.fi>
Sent: Friday, May 13, 2016 4:45:39 AM
To: Dang, Quynh (Fed)
Cc
.ca>
Sent: Thursday, May 12, 2016 9:46:58 AM
To: Dang, Quynh (Fed)
Cc: IPsecME WG; Tero Kivinen
Subject: Re: [IPsec] I-D Action: draft-ietf-ipsecme-rfc4307bis-08.txt
On Thu, 12 May 2016, Dang, Quynh (Fed) wrote:
> I like your proposed new text. I also recommend to add something like this:
Thursday, May 12, 2016 6:21:13 AM
To: Dang, Quynh (Fed)
Cc: p...@nohats.ca; IPsecME WG
Subject: Re: [IPsec] I-D Action: draft-ietf-ipsecme-rfc4307bis-08.txt
Dang, Quynh (Fed) writes:
> I meant implementations conforming to the RFC 4307 which implemented
> the group 2. However, users must not u
s." and the document says that the
groups 2 and 5 are allowed "SHOULD NOT, not MUST NOT". All of these seem to
tell users that these groups are allowed to use.
Regards,
Quynh.
From: Paul Wouters <p...@nohats.ca>
Sent: Wednesday,
.
From: Paul Wouters <p...@nohats.ca>
Sent: Wednesday, May 11, 2016 11:50:09 AM
To: Dang, Quynh (Fed)
Cc: IPsecME WG
Subject: Re: [IPsec] I-D Action: draft-ietf-ipsecme-rfc4307bis-08.txt
On Wed, 11 May 2016, Dang, Quynh (Fed) wrote:
> As I explained before,
Hi all,
As I explained before, the group numbers 5 and 2 should become "MUST NOT"
because they don't provide 112 bits of security.
And, all signatures with SHA1 should become "MUST NOT".
Regards,
Quynh.
From: IPsec on behalf
pril 14, 2016 11:22 AM
To: Dang, Quynh (Fed)
Cc: IPsecME WG; Paul Hoffman; Frankel, Sheila E. (Fed)
Subject: Re: [IPsec] WG Last Call on draft-ietf-ipsecme-rfc4307bis
On Thu, 14 Apr 2016, Dang, Quynh (Fed) wrote:
> 1) All of the DH-groups smaller than 2K in the table 3.4 must not be used
>
Hi Paul and all,
1) All of the DH-groups smaller than 2K in the table 3.4 must not be used
because they are not strong enough. Right now, groups 5, 2 and 22 are being
listed as "should not" which means that "must not use unless a user has a
strong reason". The problem is that a user can
11 matches
Mail list logo