#3 jumps to an algorithm. In your other post, you say that: "in cases where protocols require cryptographic algorithms to provide confidentiality and integrity (ie. authenticated encryption) of the transient identifier fields some of the inherent weaknesses in transient ID generation may be mitigated.” MAY - really? So basically you’re comfortable recommending these pseudo-obfuscation methods, but refer to cryptographic algs as MAY? What it ought to say, first line of the doc, is “if your protocol expects or uses cryptographic protection means, stop reading here; you’re fine.” Joe |
-- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call