If I read this right, it seems to have been created to be propagated for use in IP-SEC at the request of someone who is not clearly identified (according to the original source of the RFC).

I had a job circa 2000 where the info-security officer was ex-military, and we were told never to use IP-SEC because it was not considered secure. I got no other explanation of why or how she knew about it, but was told it was a non-starter and not up for discussion. We had to install physical lines between offices instead. It could have been bluster, of course. I don't know enough to say.

There have been multiple discoveries of crypto weakening over the past couple of years, and this has the hallmarks of another one.

Every time, I wonder how far behind we are on crypto, especially when you consider things like GCHQ having public key crypto (and keeping quiet about it) long before DH & RSA.

There is a lot of work required before we have any level of assurance that current crypto is up to required levels. I'm glad capable people are doing this sort of work, investigating and pushing improvements.