> On Nov 16, 2024, at 12:37, Tero Kivinen <kivi...@iki.fi> wrote:
>
> Deb Cooley writes:
>> Section 4.4.2: Is there a circumstance where distributing both ESP and AH
>> policies for the same set of Traffic Selectors would be sensible? If not,
>> should this be MUST NOT?
>
> I think this is aligning with the Cryptographic Algorithm
> Implementation Requirements and Usage Guidance for ESP and AH RFC8221
> which says:
>
> ----------------------------------------------------------------------
> 4. Encryption Must Be Authenticated
> ...
> The last method that can be used is ESP+AH. This method is NOT
> RECOMMENDED. It is the slowest method and also takes up more octets

It was NOT RECOMMENDED instead of MUST NOT because some old versions of racoon did this by default. For group IKE, I see no reason to repeat this and MUST NOT is fine?

Paul