The IESG has approved the following documents:
- 'Cryptographic Algorithms for use in the Internet Key Exchange Version 2 '
<draft-ietf-ipsec-ikev2-algorithms-05.txt> as a Proposed Standard
- 'Cryptographic Suites for IPsec '
<draft-ietf-ipsec-ui-suites-06.txt> as a Proposed Standard
These documents are products of the IP Security Protocol Working Group.
The IESG contact persons are Russ Housley and Steve Bellovin.
Technical Summary
The IPSec series of protocols makes use of various cryptographic
algorithms to provide security services. The Internet Key Exchange
(both IKEv1 and IKEv2) provide a mechanism to negotiate which
algorithms should be used for a particular association. However to
ensure interoperability between disparate implementations, this
document specifies a set of mandatory to implement algorithms, thereby
ensuring that there will be at least one algorithm that all
implementations will have available. This document also specifies
algorithms that should be implemented because they made be promoted to
mandatory at some future time.
Working Group Summary
The IPsec Working Group came to rough consensus on this document.
Protocol Quality
This document was reviewed by Russell Housley for the IESG.
RFC Editor Note
Please change "MUST" to "MUST-" in the last paragraph of
section 4.1.1 to make it consistent with section 4.1.3.
OLD
For confidentiality, implementations MUST implement 3DES-CBC and
SHOULD+ implement AES-128-CBC. For integrity, HMAC-SHA1 MUST be
implemented.
NEW
For confidentiality, implementations MUST- implement 3DES-CBC and
SHOULD+ implement AES-128-CBC. For integrity, HMAC-SHA1 MUST be
implemented.
_______________________________________________
IETF-Announce@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf-announce
