Valery has posted an updated ID, and I have put it in for a 3-week IETF Last Call (based on the complexity of the draft). Let us (authors, really) know if you have further comments.

Deb

On Sun, Nov 17, 2024 at 6:41 PM Deb Cooley <debcool...@gmail.com> wrote:

> Because I basically sent the message twice (first time to a fictional
> IPSec wg list), the authors and I have worked out the answers on the first
> version of the message. I think everything is pretty well sorted, I
> believe I'm just waiting for a new version so I can send it to IETF Last
> Call. (changed to 'MUST NOT', and they explained the IANA situation, as
> well as the other comments). Super prompt, and a nice exchange.
>
> Deb
>
> On Sat, Nov 16, 2024 at 7:46 AM Paul Wouters <p...@nohats.ca> wrote:
>
>> > On Nov 16, 2024, at 12:37, Tero Kivinen <kivi...@iki.fi> wrote:
>> >
>> > Deb Cooley writes:
>> >> Section 4.4.2: Is there a circumstance where distributing both ESP and AH
>> >> policies for the same set of Traffic Selectors would be sensible? If not,
>> >> should this be MUST NOT?
>> >
>> > I think this is aligning with the Cryptographic Algorithm
>> > Implementation Requirements and Usage Guidance for ESP and AH RFC8221
>> > which says:
>> >
>> > ----------------------------------------------------------------------
>> > 4. Encryption Must Be Authenticated
>> > ...
>> > The last method that can be used is ESP+AH. This method is NOT
>> > RECOMMENDED. It is the slowest method and also takes up more octets
>>
>> It was NOT RECOMMENDED instead of MUST NOT because some old versions of
>> racoon did this by default. For group ike, I see no reason to repeat
>> this and MUST NOT is fine?
>>
>> Paul

_______________________________________________
IPsec mailing list -- ipsec@ietf.org
To unsubscribe send an email to ipsec-le...@ietf.org