Because I basically sent the message twice (first time to a fictional IPSec wg list), the authors and I have worked out the answers on the first version of the message. I think everything is pretty well sorted; I believe I'm just waiting for a new version so I can send it to IETF Last Call. (changed to 'MUST NOT', and they explained the IANA situation, as well as the other comments). Super prompt, and a nice exchange.
Deb

On Sat, Nov 16, 2024 at 7:46 AM Paul Wouters <p...@nohats.ca> wrote:

> > On Nov 16, 2024, at 12:37, Tero Kivinen <kivi...@iki.fi> wrote:
> >
> > Deb Cooley writes:
> >> Section 4.4.2: Is there a circumstance where distributing both ESP and AH
> >> policies for the same set of Traffic Selectors would be sensible? If not,
> >> should this be MUST NOT?
> >
> > I think this is aligning with the Cryptographic Algorithm
> > Implementation Requirements and Usage Guidance for ESP and AH RFC8221
> > which says:
> >
> > ----------------------------------------------------------------------
> > 4. Encryption Must Be Authenticated
> > ...
> > The last method that can be used is ESP+AH. This method is NOT
> > RECOMMENDED. It is the slowest method and also takes up more octets
>
> It was NOT RECOMMENDED instead of MUST NOT because some old versions of
> racoon did this by default. For group ike, I see no reason to repeat
> this and MUST NOT is fine?
>
> Paul