Hi Peter, Actually, the idea of the draft was to detail the existing requirements, based on existing RFCs - not to create new requirements. We've discussed with the Security ADs that there would be a need for the IPsec WG to create a list of recommended encryption mechanisms and that this draft could reference such a spec.
John > -----Original Message----- > From: ext Peter Bell [mailto:[EMAIL PROTECTED] > Sent: 18 June, 2003 02:09 > To: Loughney John (NRC/Helsinki) > Cc: [EMAIL PROTECTED] > Subject: Re: Next steps on the IPv6 Node requirements draft > > > Along with removing DES from the "SHALL" list, it looks > likely that AES > will be added to the IPSec SHALL requirements, perhaps this > draft should > include AES. > > Peter. > > [EMAIL PROTECTED] wrote: > > > > Hi all, > > > > I've updated the draft on 4 major points that were > discussed at the IETF. Roughly > > they cover stateful address autoconfig support, DHCP > support, MIPv6 support and DES > > support. > > > > > 4) DES support removed: > > > > The "ESP DES-CBC Cipher Algorithm With Explicit IV" > [RFC-2405] SHOULD NOT be supported. > > Security issues related to the use of DES are discussed in > [DESDIFF], [DESINT], > > [DESCRACK]. It is still listed as required by the existing > IPsec RFCs, but as it is > > currently viewed as an inherently weak algorithm, and no > longer fulfills its intended role. > > > > -- > // > // Peter L. Bell [EMAIL PROTECTED] > // +61 2 9805 2955 > // Blessed are the Peacemakers, they shall be called Sons of God. > // > -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
