Re: [IPsec] New Version Notification for draft-pwouters-ikev1-ipsec-graveyard-00.txt

Paul Wouters <paul@nohats.ca> Wed, 13 March 2019 04:04 UTC

Return-Path: <paul@nohats.ca>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 07411129BBF for <ipsec@ietfa.amsl.com>; Tue, 12 Mar 2019 21:04:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nohats.ca
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LN_Lihmi1hWP for <ipsec@ietfa.amsl.com>; Tue, 12 Mar 2019 21:04:54 -0700 (PDT)
Received: from mx.nohats.ca (mx.nohats.ca [193.110.157.68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F2C3F129570 for <ipsec@ietf.org>; Tue, 12 Mar 2019 21:04:53 -0700 (PDT)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 44Jys212LZzDby; Wed, 13 Mar 2019 05:04:22 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1552449862; bh=0epFSPubEgCsIN5fxUnOS4wn2QDf6Fx/2NVfTn+ckAo=; h=Date:From:To:cc:Subject:In-Reply-To:References; b=Yuik1yEUHYSna9ABe4reaODO8lnFSjEvW43RCMaB4Wg073N99treYuXm7+Sa+ayWW DPVw4YWWjeQJ3i188jnU2ZUeToZbtiJeHppwMMdlAwdxsvJPbTUSPiD9ysmtbzge7a MPrXGBDd4QdXW5AAnxWCBscKkZSHb9OQpaYvUWzU=
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id EJ8XkwrfVpDb; Wed, 13 Mar 2019 05:04:21 +0100 (CET)
Received: from bofh.nohats.ca (bofh.nohats.ca [76.10.157.69]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS; Wed, 13 Mar 2019 05:04:20 +0100 (CET)
Received: by bofh.nohats.ca (Postfix, from userid 1000) id E85122FCD9; Wed, 13 Mar 2019 00:04:19 -0400 (EDT)
DKIM-Filter: OpenDKIM Filter v2.11.0 bofh.nohats.ca E85122FCD9
Received: from localhost (localhost [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id E0F7140D35BD; Wed, 13 Mar 2019 00:04:19 -0400 (EDT)
Date: Wed, 13 Mar 2019 00:04:19 -0400
From: Paul Wouters <paul@nohats.ca>
To: Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org>
cc: "ipsec@ietf.org WG" <ipsec@ietf.org>
In-Reply-To: <64D1977A-3A60-41DC-8A9D-980F4174F003@apple.com>
Message-ID: <alpine.LRH.2.21.1903122357090.26130@bofh.nohats.ca>
References: <alpine.LRH.2.21.1903111437260.19205@bofh.nohats.ca> <64D1977A-3A60-41DC-8A9D-980F4174F003@apple.com>
User-Agent: Alpine 2.21 (LRH 202 2017-01-01)
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"; format="flowed"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/G3EfUJXYYG-6wmlcT1PyZlvHxnI>
Subject: Re: [IPsec] New Version Notification for draft-pwouters-ikev1-ipsec-graveyard-00.txt
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Mar 2019 04:04:55 -0000

On Tue, 12 Mar 2019, Tommy Pauly wrote:

> Thanks for writing this up! Glad to get rid of IKEv1 =)

We just need PPK and Labeled IPsec as RFC and then we are go :)

> I do have a question regarding whether the deprecations for the IKEv2 registry are appropriate for this document. RFC 8247 contains the recommendations for which algorithms and DH groups are going away (SHOULD NOT, MUST NOT, etc.), and it seems like an update to that document or similar would be more appropriate to discuss marking deprecation.

I might have misunderstood Tero, but this is what we said before:

Paul: > I'm happy to write a separate diediedie document, but it would sort of
Paul: > break the cycle of our IKE and ESP/AH document updates?

Tero: Writing separate die-die-die document would be faster, and I do not
Tero: think we have yet any pending changes for the algorithms we have in
Tero: 8221 and 8247 waiting to be done.
While it should update 8221/8247 (I'll add it for the next revision), I
think Tero is right that this isn't the regular cycle of algorithm
update using bis documents. It would be a bit overkill to already
replace those two documents, especially because the "diff" would really
not be very informative, because it would only show what are currently
MAY algorithms that are not shown in 8221/8247 at all because they
didn't change. And since we are not changing anything else, we wouldn't
show anything else in the columns. So I think doing this "out of series"
is a better solution.

But I didn't instruct IANA to put [this document] in the ESP and IKEv2
reference columns for those algorithms, which we should do as well as
adding the DEPRECATED column [insert Tero sitting at a table with "An
extra column is wrong - CHANGE MY MIND"] poster.

Paul