Date: Fri, 24 May 2019 07:44:42 -0700
From: John Baldwin <jhb@FreeBSD.org>
To: rgrimes@FreeBSD.org
Cc: src-committers@FreeBSD.org, svn-src-all@FreeBSD.org, svn-src-head@FreeBSD.org
Subject: Re: svn commit: r348205 - head/sys/netipsec
Message-ID: <ab397475-0a04-a948-4a32-d872dc20ca38@FreeBSD.org>
In-Reply-To: <201905240134.x4O1YUbA093317@gndrsh.dnsmgr.net>
References: <201905240134.x4O1YUbA093317@gndrsh.dnsmgr.net>

On 5/23/19 6:34 PM, Rodney W. Grimes wrote:
> I did not need that info, just a list of IANA assigned numbers
> of things you can not find in RFC/Ietf documents. I'll do the
> leg work from the other side and if Ietf/Iana documents need
> fixed I'll get that in process.

Oh, to be clear, that specific language is direct from RFC 8221. For
example, in section 5 after the table of encryption algorithms:

<quote>
IANA has allocated codes for cryptographic algorithms that have not
been specified by the IETF. Such algorithms are noted as UNSPECIFIED.
Usually, the use of these algorithms is limited to specific cases, and
the absence of specification makes interoperability difficult for
IPsec communications. These algorithms were not mentioned in
[RFC7321], and this document clarifies that such algorithms MUST NOT
be implemented for IPsec communications.

Similarly, IANA also allocated code points for algorithms that are not
expected to be used to secure IPsec communications. Such algorithms
are noted as non-IPsec. As a result, these algorithms MUST NOT be
implemented.

Various ciphers that are older, not well tested, and never widely
implemented have been changed to MUST NOT.
</quote>

On my (8th?) reading though, it may be that the first paragraph is only
applying to the algorithms marked UNSPECIFIED in the earlier table which
would cover des-32iv and possibly des-deriv in which case the wording I
used in the commit log isn't quite clear.

Also, just to make it clear, I don't care about IANA numbers, I was merely
referencing the RFC's wording as the "why".

--
John Baldwin