On Fri, 9 Oct 2015, Yaron Sheffer wrote:
RFC 4307 just barely mentions key lengths, by implying that ENCR_AES_CBC really means AES-128-CBC. I think the new document should be clear about recommended key lengths for the relevant algorithms. This may be opening a can of worms, but you don't have interoperability without it.
If we do, I suggest recommending 128/256 and demoting 192 to MAY. No one uses 192 that I know, although I don't enter TLA datacenters much :P

Paul