On Mon, 6 Jan 2020, Alissa Cooper via Datatracker wrote:
> I think this document should formally update RFC 7296. Was that discussed in the WG?
Extensions do not update the core RFC, unless they change behaviour specified in that core RFC. That is, someone implementing the core RFC should know about this extension because they need to change something in their implementation of the core RFC (not this document). I do not think that is the case here. So I do not think it should Update 7296.
> I think the citation for [NISTPQCFP] should link to the actual call for proposals.
Is that a really stable link? I'm sceptical (of most external links).
> Section 6:
>
> "In addition, the policy SHOULD be set to negotiate only quantum-resistant symmetric algorithms; while this RFC doesn't claim to give advice as to what algorithms are secure (as that may change based on future cryptographical results), below is a list of defined IKEv2 and IPsec algorithms that should not be used, as they are known to provide less than 128 bits of post-quantum security"
>
> This paragraph mixes normative SHOULD with non-normative "should not" in the same paragraph. I was wondering if that is intentional.
I think capitalizing "should not" makes sense.

Paul