daedulus@xxxxxxxxxxxxx said: > The -10 that I reviewed had > - MD5 is used to turn an IPv6 address into a 32-bit identifier > - MD5 can be used for authentication without constraint > - AES-CMAC cannot be used for authentication. SHA-1 is also in use. > I do not have a view on the first but see the second and third as > contradicting RFC8573 and so in need of change. Allowing AES-CMAC I see > as not controversial but do not have a view as to what to do with MD5 > used for authentication e.g. > - allow without constraint > - allow, but deprecated, in the YANG > - allow with a note in Security COnsiderations > - do not allow in the YANG I would suggest adding a short note at the point of use indicating that it has been deprecated with a pointer to the Security Considerations section and a paragraph there summarizing RFC 8573. -- These are my opinions. I hate spam. -- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call
