(Hats off) +1 on making single-DES CBC a MUST NOT.
Yaron
Why is DES-CBC a SHOULD NOT+ instead of a MUST NOT? Is there any sane modern IKE daemon that allows 1DES (or modp768)The WG has never voiced a MUST NOT for this before. I'm fine with making that change if no one objects.
_______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
