Daniel Shiu writes: > Many thanks for all of the comments. I feel that AUTH_HMAC_SHA1_96 > should be formally deprecated not necessarily for its security* > relative to the deprecated AUTH_HMAC_SHA1_160, but for purposes of > consistency, clarity and in support of a broad migration away from > SHA-1 dependencies.
Note, that AUTH_HMAC_SHA1_160 was never defined for general IPsec, it was only to be used with Fibre Channel Security Association Management Protocol RFC4595, so no IPsec implementations used it, and it was deprecated because of that. AUTH_HMAC_SHA1_96 is still in use, and will slowly be replaced with AUTH_HMAC_SHA2_256_128, which is the new mandatory to implement algorithm. Because AUTH_HMAC_SHA1_96 used to be mandatory it was moved t MUST-, not to SHOULD NOT or MUST NOT while AUTH_HMAC_SHA2_256_128 was made MUST. In the next update of the Algorithm Implementation Requirements and Usage Guidance for IKEv2 (RFC8247) and ESP and AH (RFC8221) they will most likely be changed to some level of deprecation. I think that for ESP and AH most implementations have moved to use AEAD ciphers, but my feeling is that for IKEv2 people still use some non-AEAD algorithms, i.e., either AUTH_HMAC_SHA1_96 or AUTH_HMAC_SHA2_256_128. > I’m a relative newcomer to IETF and it may be that the administrative and > process overheads are excessive for these goals and I am happy to take > guidance on this point. In IPsecME we update the Algorithm Implementation Requirements and Usage Guidance documents every few years (5-10), last time we did this in 2017 and before that 2014 and 2007. So I think we are getting close to the next time we should review those documents and update the recommendations. My plans is to recharter IPsecME WG soon to add new items, and adding this item there also would make sense. -- kivi...@iki.fi _______________________________________________ IPsec mailing list -- ipsec@ietf.org To unsubscribe send an email to ipsec-le...@ietf.org
