[IPsec] First version of RFC5996bis
Tero Kivinen <kivinen@iki.fi> Fri, 09 August 2013 13:29 UTC
Cc: Pasi Eronen <pe@iki.fi>, turners@ieca.com, Charlie Kaufman <charliek@microsoft.com>, Yoav Nir <ynir@checkpoint.com>, Paul Hoffman <paul.hoffman@vpnc.org>
In the last IETF there has been discussion that we should start driving IPsec protocols from proposed standard to full standard. Mostly this needs to be done because some other standardization organizations say they cannot refer to proposed standards, they can only refer to real standards, and they do not see proposed standards as real standards.

Sean Turner promised that he would be willing to do the IESG legwork for this process, but to start that we needed to get the actual documents ready first.

The process of going from proposed standard to full standard is easier now, but there are still some things we need to do. The first thing is that we need to take all errata we have for the document and create a document which fixes that.

To get this process started I took the RFC5996, and put in the two errata items we had for that RFC. Then I submitted the resulting draft-kivinen-ipsecme-ikev2-rfc5996bis today. This version only puts in the errata, and a section "Differences between RFC5996 and This Document".

The problem is that we have been discussing in the WG about the draft-kivinen-ipsecme-oob-pubkey draft, and that draft currently obsoletes RAW RSA public keys from the RFC5996 and then adds a new one. We cannot really add new features at this point as it is not widely implemented or used, but I think we can safely obsolete the RAW RSA support as it has not been widely used.

So my plan is to make a new version of this draft in three weeks' time (I will be on vacation for two weeks starting next Monday), and in that draft obsolete the RAW RSA public keys. After that I will remove all text about obsoleting the RAW RSA public keys from my draft-kivinen-ipsecme-oob-pubkey document and it will just be one normal extension adding stuff to the rfc5996bis.

So if you have any objections to that, speak up now...

In addition to the IKEv2, we most likely want to move some other documents forward too. Some of those are easy like RFC2451 "The ESP CBC-Mode Cipher Algorithms", RFC3526 "More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange", and RFC3986 "UDP Encapsulation of IPsec ESP Packets", as there is no errata, and they are widely used. Some are harder, as we need to make new versions because of errata (RFC4303 ESP). For some others we need to discuss whether we want to move them forward (AH, MOBIKE etc). But I think discussion about the other documents should be done on a separate thread, this is just the first step on the road.

----------------------------------------------------------------------
From: internet-drafts@ietf.org
To: "Paul E. Hoffman" <paul.hoffman@vpnc.org>, Pasi Eronen <pe@iki.fi>, Charlie Kaufman <charliek@microsoft.com>, Tero Kivinen <kivinen@iki.fi>, Yoav Nir <ynir@checkpoint.com>, Paul Hoffman <paul.hoffman@vpnc.org>
Subject: New Version Notification for draft-kivinen-ipsecme-ikev2-rfc5996bis-00.txt
Date: Fri, 09 Aug 2013 05:49:39 -0700

A new version of I-D, draft-kivinen-ipsecme-ikev2-rfc5996bis-00.txt has been successfully submitted by Charlie Kaufman and posted to the IETF repository.

Filename: draft-kivinen-ipsecme-ikev2-rfc5996bis
Revision: 00
Title: Internet Key Exchange Protocol Version 2 (IKEv2)
Creation date: 2013-08-09
Group: Individual Submission
Number of pages: 137
URL: http://www.ietf.org/internet-drafts/draft-kivinen-ipsecme-ikev2-rfc5996bis-00.txt
Status: http://datatracker.ietf.org/doc/draft-kivinen-ipsecme-ikev2-rfc5996bis
Htmlized: http://tools.ietf.org/html/draft-kivinen-ipsecme-ikev2-rfc5996bis-00

Abstract:
This document describes version 2 of the Internet Key Exchange (IKE) protocol. IKE is a component of IPsec used for performing mutual authentication and establishing and maintaining Security Associations (SAs). This document replaces and updates RFC 4306, and includes all of the clarifications from RFC 4718.

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat

--
kivinen@iki.fi