On Mon, 8 Jun 2020, Scott Fluhrer (sfluhrer) wrote:
How about this text (which integrates suggestions from the security considerations of both RFC7296 and the PPK text, while trying to not sound like Frankentext [1]).
That is okay with me.
And, I would agree with Valery; I also would prefer to avoid putting numbers that sound concrete; especially on something that is hard to measure (and “amount of entropy” is notoriously hard to measure – you can measure length, but that doesn’t actually mean “guessability”, which is what we’re trying to get at).
I agree with not putting in numbers. I am worried about rejecting anything as an implementation though because whichever implementation has the strongest checks will be the least compatible. So in the end, the text you suggested to add will have to be completely ignored by implementers :/

Paul