[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Comments on draft-ietf-ipsec-ike-01.txt (long)

>   So let me ask the entire working group: should vendors be prohibited from
> accepting a key length greater than what they have configured? Should they
> be prohibited from accepting a stronger group? 

Absolutely not and I'd go so far as to make it a SHOULD instead of a MAY.

We're trying to design good security, not workarounds for bad implementations.