[IPsec] ikev1-graveyard
Michael Richardson <mcr+ietf@sandelman.ca> Sun, 07 April 2019 18:11 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/goT-MdjXRI5QlUcEfkVqI4fAY60>

I have read draft-pwouters-ikev1-ipsec-graveyard-00.

I think that the actual words and organization of the document could use a bit of polish, but fundamentally it does the right thing, and sends the right message. I would like to ask the WG to adopt this document, we can sort out the wording afterwards, and spend (priority) WG time on this document.

I would very much like to point to a clear statement when I see IKEv1 being used in the field for no good reason (except that nobody thought about IKEv2). If it has to be in the form of an RFC, so be it: I'd like to be able to say to a manager, "You are not RFCZZYY compliant", and I'd like this to get into a variety of security audit lists.

The document likely has little technical impact, and I think we should acknowledge that this is a policy statement. That's okay with me, if it is okay with the IESG. If there is another way to get the same impact, I'm open to hearing it.

The datatracker page for RFC2409 already says:

    Type RFC - Proposed Standard (November 1998; No errata)
    Obsoleted by RFC 4306
    Updated by RFC 4109

But, I think that the goal is to mark these documents as Historic as well. I didn't see that action in the document specifically (maybe I missed it). Many updates to the IANA registries, which we could do in other ways, I think.

As I understand it, marking something as Historic is something the IESG can do without publishing a document. The changes to the IANA registries I'm less clear about, but I believe it could also be done without a document.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-