Yaron Sheffer writes:
> > - RFC2451 "The ESP CBC-Mode Cipher Algorithms"
> 
> This is nominally a generic document, but it's really about a list of 
> specific algorithms, none of which is in wide use today (we are trying 
> to phase out 3DES and in general 64-bit block algorithms). This document 
> is not referenced by RFC 4303. So I don't think we should upgrade it.

True, but it is one of the normative references to the RFC5996, but I
agree that if we downgrade 3DES from MUST to MAY, then we skip this
one. 

> > - RFC3526 "More Modular Exponential (MODP) Diffie-Hellman groups for
> >    Internet Key Exchange"
> 
> Yes, probably. Although crypto recommendations are time-dependent, this 
> RFC describes the actual algorithms and not just their use in IKE.

Yep. Meaning there is lots of use for these groups. 

> Do we have enough implementations of EC groups to progress RFC 5903? I 
> realize that NSA RFCs are not that popular nowadays...

No. Because of the mess with RFC5903 and RFC 4753, i.e. reusing the same
IANA values for two different non-interoperable uses of the groups, I
cannot say there is enough interoperable use for that RFC.

I have recommended everybody not to use them, as you never know if
they work, as you do not know if the other end is upgraded to Errata
version of 4753 (i.e. RFC5903).

That's why I would not recommend RFC5903 to be upgraded at this time.
And there is errata for RFC5903, so it does not go in my category of
"Easy, no need to revise document", which was my original list
selection criteria. Hmm.. actually I see that both errata entries for
the RFC5903 are actually rejected, so perhaps it could still be done
in place.

> > - RFC3948 "UDP Encapsulation of IPsec ESP Packets"
> 
> Definitely.
-- 
kivi...@iki.fi
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
