[IPsec] IANA ikev2 registry and FC values

Tero Kivinen <kivinen@iki.fi> Thu, 17 January 2013 17:03 UTC

I got a question now about the values allocated for the "IKEv2 in the
Fibre Channel Security Association Management Protocol" and their use
in the normal IPsec use over IP. This question was about support for
AUTH_HMAC_MD5_128 and AUTH_HMAC_SHA1_160 for IPsec over IP, instead of
using the normal AUTH_HMAC_MD5_96 and AUTH_HMAC_SHA1_96 values
everybody in the IP world is using. When those values were allocated it
was assumed that they were only to be used in the FC world.

I noticed that while all other RFC4595 allocated numbers have FC_ in
their names, these AUTH_* do not have those. Also there is
nothing that explicitly forbids their use in IKEv2/ESP over IP, it
has been implicit because there is nothing that says they can be used
in the IP world either.

One of the reasons for these is that this allocation happened when we
had this process flaw and those drafts never came to the IANA expert
for review (i.e. to me), so I only did some early comments to their
-00 draft, and then later noticed that the values had been added to
the registry.

To clear up this confusion, I would like to add a note to the IANA table
saying "Only for Fibre Channel use" for those two values.

Does anybody have any objections to doing that?