Cryptographic Algorithm Implementation Requirements for Encapsulating Security Payload (ESP) and Authentication Header (AH)
RFC 4305

Note: This ballot was opened for revision 02 and is now closed.

(Steven Bellovin) Yes

Comment (2004-08-14 for -)
No email
send info
3.1.1 is actually rather odd -- there are no mandated confidentiality algorithms defined that are both required today and expected to be required in the near future.

(Russ Housley) Yes

(Allison Mankin) Yes

(Jon Peterson) Yes

(Harald Alvestrand) No Objection

Comment (2004-08-19 for -)
No email
send info
Reviewed by Brian Carpenter, Gen-ART
Personally, I think the use of SHOULD+ and MUST- are good additions to the repertoire of "conformance verbs". My preference would be to have the document mention an expected date for the conformance change (like "the first version emitted after January 2006, unless we learn something new"), but I can easily live with the document as written.

(Margaret Cullen) No Objection

Comment (2004-08-18 for -)
No email
send info
   Ideally the mandatory to implement algorithm of tomorrow should
   already be available in most implementations of IPSEC by the time it
   is made mandatory.


If the security folks can't get this right, how can we expect the rest of us to do so?  :-)

(Bill Fenner) No Objection

(Ted Hardie) No Objection

(Scott Hollenbeck) No Objection

(David Kessens) No Objection

(Thomas Narten) (was Discuss) No Objection

Comment (2004-08-19)
No email
send info
s/IPSEC/IPsec/ throughout.

s/mandatory to implement algorithms/mandatory-to-implement algorithms/

>                a MAY or worse in a future version of this document.

s/or worse/or weaker/ ??

4 normative references to IDs; are those IDs done?

(Bert Wijnen) No Objection