RE: IKEv2 and IANA registry
"Charlie Kaufman" <charliek@microsoft.com> Wed, 07 April 2004 19:14 UTC
To: Kevin Li <kli@cisco.com>, ipsec@lists.tislabs.com
There are a number of minor inconsistencies between ikev2-13 and ikev2-iana-01, of which the one you point out is the only really important one. I've been meaning to post a list so we can decide which document to change in each case.

There was an error in ikev2-10(?) and prior where the security protocol ID was listed with two different sets of values in two places. The IANA document reflected this by having two different protocol ID registries with slightly different names with the different values. ('IKEv2 Security Protocol Identifiers' has the correct values; 'IKEv2 Proposal Substructure Protocol-IDs' has the incorrect values.) The fix is for the iana document to remove the second registry.

The other inconsistencies are:

1) The ikev2-13 document lists all registries as being updated by expert review; the ikev2-iana-01 document lists them as updated by different means. Ikev2-13 reflects working group consensus reached after the iana document was published.

2) For pseudo-random transform type 2, the ikev2-13 document defines

     AUTH_AES_XCBC_96    5

   I don't know the story here; perhaps this algorithm was added late, or perhaps it should be removed as an inappropriate PRF.

3) For Extended Sequence Numbers Transform Type 5, (0=NO; 1=YES), the iana document lists values 2-65535 as reserved to IANA (thus creating a registry). In the ikev2-13, they are RESERVED (avoiding the need for a registry). I believe no registry is needed; I doubt any expert would approve creation of a new value for a Boolean.

4) For Identification Payload ID types, the iana document says the values 12-255 are reserved to iana. Ikev2-13 says 12-200 are reserved to iana and 201-255 are for private use.

5) ikev2-13 has notification types apparently defined since the iana document:

     INVALID_SELECTORS               39
     ESP_TFC_PADDING_NOT_SUPPORTED   16394

6) For traffic selector types, the iana document says types 9-255 are reserved to iana; ikev2-13 says 9-240 are reserved to iana and 241-255 are for private use.
--Charlie

-----Original Message-----
From: Kevin Li [mailto:kli@cisco.com]
Sent: Monday, April 05, 2004 5:28 PM
To: Charlie Kaufman; ipsec@lists.tislabs.com
Cc: kli@cisco.com
Subject: IKEv2 and IANA registry

Hi,

I have two questions.

1. For protocol id in proposal payload, there is an inconsistency between draft-ietf-ipsec-ikev2-13.txt and draft-ietf-ipsec-ikev2-iana-01.txt. The ikev2-13.txt defines:

   Protocol            Protocol ID
   RESERVED            0
   IKE                 1
   AH                  2
   ESP                 3
   RESERVED TO IANA    4-200
   PRIVATE USE         201-255

The ikev2-iana-01.txt defines:

   Attribute Type      value
   -------------------------------------
   IKE                 0
   AH                  1
   ESP                 2
   RESERVED TO IANA    3-255

Which one should be used? In general, if there is a conflict between protocol specification and iana, which one should be used?

2. What's the current status of standardizing/finalizing IKEv2 protocol specification? I am afraid our implementation based on IKEv2-13 will not inter-operate with future standard version which other vendor implementations will base on. Shall we wait until the standard comes out?

Please include me in the reply list as I haven't subscribed (in process) to the ipsec@lists.tislabs.com yet.

Thank you very much.

Kevin
Cisco Systems
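The Protocol ID mismatch discussed in this thread, as an added example that is not from either draft or from the thread: a small parser for the fixed header of an IKEv2 Proposal Substructure that names the Protocol ID octet under the ikev2-13 numbering and flags the values where a peer numbering per ikev2-iana-01 would have meant a different protocol. The substructure layout, the sample bytes and the helper names are my assumptions.

```python
import struct

# Protocol ID values as Charlie quotes them from ikev2-13 (0 = RESERVED,
# 4-200 reserved to IANA, 201-255 private use).
IKEV2_13_PROTOCOL_IDS = {0: "RESERVED", 1: "IKE", 2: "AH", 3: "ESP"}
# The same names under the numbering ikev2-iana-01 listed (the wrong one).
IKEV2_IANA_01_PROTOCOL_IDS = {0: "IKE", 1: "AH", 2: "ESP"}


def classify_protocol_id(value):
    """Name a Protocol ID octet (0-255) under the ikev2-13 numbering."""
    if value in IKEV2_13_PROTOCOL_IDS:
        return IKEV2_13_PROTOCOL_IDS[value]
    if 4 <= value <= 200:
        return "RESERVED TO IANA"
    return "PRIVATE USE"  # 201-255


def iana01_misread(value):
    """Return what an ikev2-iana-01-numbered peer meant by this octet when
    that differs from the ikev2-13 reading, else None."""
    other = IKEV2_IANA_01_PROTOCOL_IDS.get(value)
    if other is None or other == classify_protocol_id(value):
        return None
    return other


def parse_proposal(data):
    """Parse the fixed header and SPI of one Proposal Substructure; the
    layout (flag, reserved, length, number, protocol ID, SPI size, transform
    count, SPI) is my reading of the IKEv2 drafts. Transforms are skipped."""
    if len(data) < 8:
        raise ValueError("proposal substructure truncated")
    more, _rsvd, length, num, proto, spi_size, n_trans = struct.unpack(
        "!BBHBBBB", data[:8])
    if more not in (0, 2):
        raise ValueError("last/more octet must be 0 or 2, got %d" % more)
    if length > len(data) or 8 + spi_size > length:
        raise ValueError("proposal length inconsistent with SPI size")
    return {"last": more == 0, "number": num, "protocol_id": proto,
            "protocol": classify_protocol_id(proto),
            "peer_may_mean": iana01_misread(proto),
            "spi": data[8:8 + spi_size], "transforms": n_trans}


# Constructed samples: one ESP proposal (4-octet SPI) encoded per ikev2-13,
# and the same proposal as a peer using the ikev2-iana-01 values would send.
SAMPLE_ESP_IKEV2_13 = bytes([0, 0, 0, 12, 1, 3, 4, 1]) + b"\x12\x34\x56\x78"
SAMPLE_ESP_IANA_01 = bytes([0, 0, 0, 12, 1, 2, 4, 1]) + b"\x12\x34\x56\x78"
```

The second sample decodes as AH under ikev2-13 while the sender meant ESP, which is exactly the interoperability failure Kevin asks about.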