Hi Russ, > Please take a look at these two documents: > draft-ietf-ipsec-ikev2-algorithms-04.txt > draft-ietf-ipsec-esp-ah-algorithms-01.txt
Thanks for the pointers. These look reasonable to add to the Node Req document. Does anyone have problems with me putting these as requirements in the Security section? John > At 03:07 PM 2/13/2004 +0200, [EMAIL PROTECTED] wrote: > >Hi all, > > > >The Security AD commented the following: > > > > > For Section 8, RFCs 2401, 2402, and 2406 are currently > being revised by > > > the IPsec group; that should be mentioned. > > > >This is no problem. > > > > > The crypto algorithm requirements should be better aligned with > > > recommendations from the IPsec wg. There's a draft that > lists 3DES as > > > SHOULD, not MAY. > > > >Would it be appropriate to mention something like: > > > > The Security Area RECOMMENDS the use of 3DES. > > > > > I think that IKEv? should be a SHOULD, not a MAY. While > the IESG hasn't > > > yet seen draft-bellovin-mandate-keymgmt, it will soon and > it describes > > > automated key management as a "strong SHOULD". That's > certainly the > > > consensus in the security area. > > > >I think that the WG has gone through this several times, and > SHOULD has > >always seemed problematic for some uses. Does anyone have > any suggestions? > > > > > More generically, I don't think that this WG should > standardize weaker > > > security requirements than the security area thinks are > appropriate, > > > without strong justification. (Stronger requirements are > fine -- they > > > may have a different operational environment, or a > different threat > > > model.) > > > >My general comment is that if this document can point to > existing RFCs > >for the security requirements, then I am happy to mandate whatever > >the pointers suggest (hint to the security area, provide pointers and > >I will include them). > > > >thanks, > >John > > > -------------------------------------------------------------------- > IETF IPv6 working group mailing list > [EMAIL PROTECTED] > Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6 > -------------------------------------------------------------------- > -------------------------------------------------------------------- IETF IPv6 working group mailing list [EMAIL PROTECTED] Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
