On Tue, 23 Aug 2016, Derek Atkins wrote:
Yeah, I also disagree with the demotion of AES-128 to MUST-. It's the most widely deployed now, and when Q-C happens we can turn it off with a config change and work to remove it at that time.
I think that is fair, so let me propose the following changes for both bis documents: Current: [1] - This requirement level is for 128-bit keys. 256-bit keys are at SHOULD. 192-bit keys can safely be ignored. New: [1] - This implementation status covers 128-bit and 256-bit keys. 192-bit keys remain at MAY status. Paul _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec