Re: [IPsec] graveyard: deprecate->historic

Paul Wouters <paul@nohats.ca> Mon, 13 January 2020 16:55 UTC

Date: Mon, 13 Jan 2020 11:55:47 -0500
From: Paul Wouters <paul@nohats.ca>
To: Dan Harkins <dharkins@lounge.org>
cc: Benjamin Kaduk <kaduk@mit.edu>, ipsec@ietf.org

On Mon, 13 Jan 2020, Dan Harkins wrote:

> IKEv1 is done, it's over, it's dead. It's been like that for more than a 
> decade.

I think there is a big difference between "done developing it" and "done
running it". A decade ago almost everything was IKEv1. Today, with the
exception of Android and ten-year-old gear, everything is IKEv2. And
Android is scheduled to fix that this summer. So the move to Historic
does seem valid now, and was not 10 years ago.

> We already made a statement that we won't touch IKEv1 anymore and we made that
> statement fifteen years ago. And we're still doing "die die die" stuff that's now
> been refashioned into a "graveyard" effort in order to address the sensitive
> sensibilities of the new IETF, but it's still the same thing. It's trying to add an
> underscore and an exclamation point to a statement that was already made.  Because
> we're really serious this time-- it's in the graveyard!

I agree, it is kind of a symbolic gesture. But I think it will help
(and not harm), so I think we should just publish it for those who can
use it as a lever to migrate more older setups to new. To be honest,
the biggest gain will be that people stop using DH1024, DH1536 and SHA1
that are de facto the only DH groups used with IKEv1.

Paul