On Mon, 12 Aug 2024, Tero Kivinen wrote:
Because AUTH_HMAC_SHA1_96 used to be mandatory, it was moved to MUST-, not to SHOULD NOT or MUST NOT, while AUTH_HMAC_SHA2_256_128 was made MUST.
In the next update of the Algorithm Implementation Requirements and Usage Guidance for IKEv2 (RFC8247) and ESP and AH (RFC8221) they will most likely be changed to some level of deprecation.
Yes, in 2017! These documents need updating.
I think that for ESP and AH most implementations have moved to use AEAD ciphers, but my feeling is that for IKEv2 people still use some non-AEAD algorithms, i.e., either AUTH_HMAC_SHA1_96 or AUTH_HMAC_SHA2_256_128.
In my experience, IKEv2 stacks always defaulted to AES_CBC-SHA2, with either MODP2048 or P256. It is correct that not all IKEv2 stacks do AEADs for IKE. I think we can do MUST NOT for SHA1.
In IPsecME we update the Algorithm Implementation Requirements and Usage Guidance documents every few years (5-10); last time we did this in 2017 and before that 2014 and 2007. So I think we are getting close to the next time we should review those documents and update the recommendations. My plan is to recharter IPsecME WG soon to add new items, and adding this item there also would make sense.
Yes we should!

Paul