Hi all,

The Security AD commented the following:

> For Section 8, RFCs 2401, 2402, and 2406 are currently being revised by
> the IPsec group; that should be mentioned.

This is no problem.

> The crypto algorithm requirements should be better aligned with
> recommendations from the IPsec wg. There's a draft that lists 3DES as
> SHOULD, not MAY.

Would it be appropriate to mention something like:

    The Security Area RECOMMENDS the use of 3DES.

> I think that IKEv? should be a SHOULD, not a MAY. While the IESG hasn't
> yet seen draft-bellovin-mandate-keymgmt, it will soon and it describes
> automated key management as a "strong SHOULD". That's certainly the
> consensus in the security area.

I think that the WG has gone through this several times, and SHOULD has
always seemed problematic for some uses. Does anyone have any suggestions?

> More generically, I don't think that this WG should standardize weaker
> security requirements than the security area thinks are appropriate,
> without strong justification. (Stronger requirements are fine -- they
> may have a different operational environment, or a different threat
> model.)

My general comment is that if this document can point to existing RFCs
for the security requirements, then I am happy to mandate whatever
the pointers suggest (hint to the security area, provide pointers and
I will include them).

thanks,
John
--------------------------------------------------------------------
IETF IPv6 working group mailing list
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------