[prev in list] [next in list] [prev in thread] [next in thread]
List: ipsec
Subject: [IPsec] I-D Action: draft-ietf-ipsecme-rfc4307bis-06.txt
From: Tero Kivinen <kivinen () iki ! fi>
Date: 2016-04-06 18:06:32
Message-ID: 22277.20520.264319.773683 () fireball ! acr ! fi
[Download RAW message or body]
internet-drafts@ietf.org writes:
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories. This draft is a work item of the IP Security
> Maintenance and Extensions of the IETF.
This version includes the pre-shared keys (or "Shared Key Message
Integrity Code") in the authentication method table, as it specified
in the RFC7296 as mandatory to implement, so we want to say it MUST
here too. While I was doing that change, I noticed that we actually
update the RFC7296, as the 7296 section 4 has text saying that RSA
with key lengths of 1024 or 2048 are mandatory. In our section 4.1.1
we actually say that RSA key lengths with less than 2048 bits are
SHOULD NOT, so our recommendation are different than what is in the
RFC7296. After quick verify from our WG chair, I marked this document
as updating the RFC7296 (and added the missing fact that is obsoletes
rfc4307). The fact that this updates RFC7296 was also added in the
introduction.
In addition to those changes, this contains some fixes for some typos
etc (especially in the section 5 algoritms for IoT).
With these changes, I think this document is ready for the WGLC.
> Title : Algorithm Implementation Requirements and Usage Guidance for IKEv2
> Authors : Yoav Nir
> Tero Kivinen
> Paul Wouters
> Daniel Migault
> Filename : draft-ietf-ipsecme-rfc4307bis-06.txt
> Pages : 16
> Date : 2016-04-06
>
> Abstract:
> The IPsec series of protocols makes use of various cryptographic
> algorithms in order to provide security services. The Internet Key
> Exchange (IKE) protocol is used to negotiate the IPsec Security
> Association (IPsec SA) parameters, such as which algorithms should be
> used. To ensure interoperability between different implementations,
> it is necessary to specify a set of algorithm implementation
> requirements and usage guidance to ensure that there is at least one
> algorithm that all implementations support. This document defines
> the current algorithm implementation requirements and usage guidance
> for IKEv2. This document does not update the algorithms used for
> packet encryption using IPsec Encapsulated Security Payload (ESP).
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-ipsecme-rfc4307bis/
>
> There's also a htmlized version available at:
> https://tools.ietf.org/html/draft-ietf-ipsecme-rfc4307bis-06
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-ipsecme-rfc4307bis-06
>
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
> _______________________________________________
> IPsec mailing list
> IPsec@ietf.org
> https://www.ietf.org/mailman/listinfo/ipsec
--
kivinen@iki.fi
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic