Re: [IPsec] Warren Kumari's Discuss on draft-ietf-ipsecme-ikev1-algo-to-historic-08: (with DISCUSS)
Paul Wouters <paul@nohats.ca> Tue, 13 December 2022 15:36 UTC
Return-Path: <paul@nohats.ca>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 53364C152590; Tue, 13 Dec 2022 07:36:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.094
X-Spam-Level:
X-Spam-Status: No, score=-2.094 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nohats.ca
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X1uTNcEOL_XG; Tue, 13 Dec 2022 07:36:16 -0800 (PST)
Received: from mx.nohats.ca (mx.nohats.ca [IPv6:2a03:6000:1004:1::85]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 060AEC15258E; Tue, 13 Dec 2022 07:36:15 -0800 (PST)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 4NWjJX2ZgYz46h; Tue, 13 Dec 2022 16:36:12 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1670945772; bh=KJSjPmfv+uW32VJOJP7MLFEekGh0/ywY5mglXwCgjWc=; h=Date:From:To:cc:Subject:In-Reply-To:References; b=gHKgIJgpGCNdCB8iR+z7+Ld5HYcBku+smU8JU3OyoJLVuka5drdYY0ol7zZLQfsb6 lnLjCGnaAUdWW/DMd1jA3vS1pQaq4FLC6BEvQz4aLu9RgdUvU/6rNHSH2btjfeS9gS 5mgy2HDO225ZawXgV4yNosVOZeBPI/szYjXn/+pk=
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id SYJg-7llen5F; Tue, 13 Dec 2022 16:36:11 +0100 (CET)
Received: from bofh.nohats.ca (bofh.nohats.ca [193.110.157.194]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS; Tue, 13 Dec 2022 16:36:11 +0100 (CET)
Received: by bofh.nohats.ca (Postfix, from userid 1000) id 40079421ED3; Tue, 13 Dec 2022 10:36:10 -0500 (EST)
Received: from localhost (localhost [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id 3CB5C421ED2; Tue, 13 Dec 2022 10:36:10 -0500 (EST)
Date: Tue, 13 Dec 2022 10:36:10 -0500
From: Paul Wouters <paul@nohats.ca>
To: Warren Kumari <warren@kumari.net>
cc: The IESG <iesg@ietf.org>, draft-ietf-ipsecme-ikev1-algo-to-historic@ietf.org, ipsecme-chairs@ietf.org, ipsec@ietf.org, kivinen@iki.fi, kivinen@iki.fi
In-Reply-To: <167094324735.45634.6215476133161483286@ietfa.amsl.com>
Message-ID: <ca431827-6090-dba7-6280-20bed8ebf37d@nohats.ca>
References: <167094324735.45634.6215476133161483286@ietfa.amsl.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"; format="flowed"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/pZfiHwt4qgDjKoBfVbFajWo9bmQ>
Subject: Re: [IPsec] Warren Kumari's Discuss on draft-ietf-ipsecme-ikev1-algo-to-historic-08: (with DISCUSS)
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Dec 2022 15:36:20 -0000
On Tue, 13 Dec 2022, Warren Kumari via Datatracker wrote: [speaking with author hat on] > ---------------------------------------------------------------------- > DISCUSS: > ---------------------------------------------------------------------- > > Be ye not afraid -- see > https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ on > handling ballots, especially DISCUSS ballots... > > Can the IETF actually deprecate / make a protocol historic? (as stated in > "Internet Key Exchange version 1 (IKEv1) has been deprecated" and "IKEv1 has > been moved to Historic status.") > > I agree that **making the documents that describe these** be historic is the > right thing to do, and also that the IETF can strongly recommend that people > don't use/deploy/whatever IKEv1, but I don't really know if we (or anyone) have > the power to deprecate a protocol. We are not the protocol police, and we > cannot instruct people to e.g deploy protocol foo, so I don't know if we can > deprecate a protocol either -- but I suspect that this might be because I don't > actually know what "IKEv1 has been deprecated" actually *means*. > > Again, I'm not trying to block what this document is attempting to *do*, but > rather make it clear what it is actually doing. What it means is that the IETF has stopped maintaining it. It will not allow any new registrations into the related IANA registries and no new work will be started on this protocol version. It does not make any recommendations to users or administrators on whether they should stop running it and migrate, although it is a pretty strong hint that this protocol is dying and it would be wise to move away from it. It also means that other documents that want to depend on IKE, have to ensure it works (and references) IKEv2, not IKEv1. The IETF does not tell you which protocols to use or not use. However, other organizations that do, often base their requirements on IETF recommendations. This is where the IETF and others (eg NIST, PCI-DSS) play a careful balancing act. The IETF tries to nudge people in the right direction. But it is indeed not the protocol police. Note that the document itself does not deprecate anything. It cannot. Only the IESG can change a document static to historic. See your other work item on the telechat where this is requested. Only after that request passes the IESG, can this document move further and say that "it has happened". Paul
- [IPsec] Warren Kumari's Discuss on draft-ietf-ips… Warren Kumari via Datatracker
- Re: [IPsec] Warren Kumari's Discuss on draft-ietf… Paul Wouters
- Re: [IPsec] Warren Kumari's Discuss on draft-ietf… Warren Kumari
- Re: [IPsec] Warren Kumari's Discuss on draft-ietf… Warren Kumari
- Re: [IPsec] Warren Kumari's Discuss on draft-ietf… Roman Danyliw
- Re: [IPsec] Warren Kumari's Discuss on draft-ietf… Paul Wouters
- Re: [IPsec] Warren Kumari's Discuss on draft-ietf… Warren Kumari