Re: [IPsec] [ipsecme] #114: Expired drafts, especially BEET
Tero Kivinen <kivinen@iki.fi> Wed, 28 October 2009 12:11 UTC
To: "Frankel, Sheila E." <sheila.frankel@nist.gov>
Cc: "ipsec@ietf.org" <ipsec@ietf.org>, Paul Hoffman <paul.hoffman@vpnc.org>, "suresh.krishnan@ericsson.com" <suresh.krishnan@ericsson.com>

Frankel, Sheila E. writes:
> 2) Add text to the introductory section for IKEv1, Section 4.1.1:
>
> Additional text: ...
> Two Internet Drafts were written to address these problems: Extended
> Authentication withn IKE (XAUTH) (draft-beaulieu-ike-xauth) and The
                 ^ within
> ISAKMP Configuration Method (draft-dukes-ike-mode-cfg). These
> drafts did not progress to RFC status due to security flaws and
> other problems related to these solutions. However, many current
> IKEv1 implementations incorporate aspects of these solutions to
> facilitate remote user access to corporate VPNs. Since these
> solutions were not standardized, there is no assurance that the
> implementations adhere fully to the suggested solutions, or that one
> implementation can interoperate with others that claim to
> incorporate the same features. Furthermore, these solutions have
> know security issues. Thus, use of these solutions is not
> recommended, and these Internet Drafts are not specified in this
> roadmap.

I wonder if we should also say that different implementations took
different versions of the drafts (and their predecessors
draft-ietf-ipsra-isakmp-xauth and draft-ietf-ipsec-isakmp-mode-cfg)
and those different versions are NOT necessarily interoperable with
each other.

Actually, listing those predecessor drafts as well might be a good idea,
as implementations done before the year 2000 mostly refer to them, and
we are talking about old expired drafts to an obsoleted protocol, so
most likely the people using them are not from this century :-)
-- 
kivinen@iki.fi