Somehow we overlooked this: the tcpcrypt document does not
currently mandate that implementations support any
particular symmetric (AEAD) algorithms.
We need to make something mandatory-to-implement, of course,
in order to ensure that compliant implementations can talk
to each other.
We propose this disposition for the three algorithms
currently specified for tcpcrypt:
MUST: AES128-GCM
SHOULD: AES256-GCM
SHOULD: CHACHA20_POLY1305
This is the arrangement TLS 1.3 uses as well.
Please comment as soon as possible if you have any concerns
with this approach.
Thanks,
daniel
_______________________________________________
Tcpinc mailing list
Tcpinc@ietf.org
https://www.ietf.org/mailman/listinfo/tcpinc
