Re: [IPsec] Working Group Last Call: draft-ietf-ipsecme-esp-ah-reqts

Yaron Sheffer <yaronf.ietf@gmail.com> Wed, 26 February 2014 08:15 UTC

(Hats off)

+1 on making single-DES CBC a MUST NOT.

	Yaron

>
>> Why is DES-CBC a SHOULD NOT+ instead of a MUST NOT? Is there any sane
>> modern IKE daemon that allows 1DES (or modp768)
>
> The WG has never voiced a MUST NOT for this before. I'm fine with making that change if no one objects.
>