John Mattsson writes:
> Not too late to change. According to NIST, 2048-bit MODP Group and 224-bit
> Random ECP Group are MUST NOT use if the information you are protecting has a
> lifetime longer than 8 years (2031 - today). 1024-bit MODP is two security
> levels below that. I think IETF is generally way too slow in deprecating stuff.
> I would love to see the following deprecated as well:

I.e., if your information needs only to be protected for a few months, those smaller groups should be ok...

Also note that IETF does not give recommendations of the policy of which algorithms users should be using. IETF is giving recommendations of which algorithms are in actual implementations. If we deprecate some algorithms, that means that the implementations will remove support for those algorithms at some point. I.e., then we are taking options away from users and they can't use them even if they would be completely suitable for them in their environment.
--
[email protected]

_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
