RFC 4869 makes some statements like:

   The authentication method used with IKEv1 MAY be either pre-shared
   key [RFC2409] or ECDSA-256 [RFC4754].

That seems to me like an empty statement, since it doesn't require any 
particular set of choices nor does it proscribe any choice.

Is it intended to proscribe the use of non-ECDSA digital signatures such 
as RSA, and therefore limit the options to pre-shared key and ECDSA-256? I 
wonder if it should read "MUST" instead?


Scott Moonen (smoo...@us.ibm.com)
z/OS Communications Server TCP/IP Development
http://scott.andstuff.org/
http://www.linkedin.com/in/smoonen
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
