Deprecation of the Internet Key Exchange Version 1 (IKEv1) Protocol and Obsoleted Algorithms
draft-ietf-ipsecme-ikev1-algo-to-historic-09
Document history
Date | Rev. | By | Action |
---|---|---|---|
2023-04-21 | 09 | (System) | RFC Editor state changed to AUTH48-DONE from AUTH48 |
2023-04-20 | 09 | (System) | RFC Editor state changed to AUTH48 |
2023-03-28 | 09 | Yoav Nir | Added to session: IETF-116: ipsecme Wed-0630 |
2023-02-27 | 09 | (System) | RFC Editor state changed to RFC-EDITOR from EDIT |
2023-01-04 | 09 | (System) | IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor |
2023-01-04 | 09 | (System) | RFC Editor state changed to EDIT |
2023-01-04 | 09 | (System) | IESG state changed to RFC Ed Queue from Approved-announcement sent |
2023-01-04 | 09 | (System) | Announcement was received by RFC Editor |
2023-01-04 | 09 | (System) | IANA Action state changed to Waiting on RFC Editor from In Progress |
2023-01-04 | 09 | (System) | IANA Action state changed to In Progress from Waiting on Authors |
2023-01-04 | 09 | (System) | IANA Action state changed to Waiting on Authors from In Progress |
2023-01-04 | 09 | (System) | IANA Action state changed to In Progress from Waiting on Authors |
2023-01-03 | 09 | (System) | IANA Action state changed to Waiting on Authors from In Progress |
2023-01-03 | 09 | (System) | IANA Action state changed to In Progress |
2023-01-03 | 09 | Amy Vezza | IESG state changed to Approved-announcement sent from Approved-announcement to be sent |
2023-01-03 | 09 | Amy Vezza | IESG has approved the document |
2023-01-03 | 09 | Amy Vezza | Closed "Approve" ballot |
2022-12-29 | 09 | Amy Vezza | Ballot approval text was generated |
2022-12-27 | 09 | Roman Danyliw | IESG state changed to Approved-announcement to be sent from Approved-announcement to be sent::AD Followup |
2022-12-19 | 09 | (System) | Removed all action holders (IESG state changed) |
2022-12-19 | 09 | (System) | Sub state has been changed to AD Followup from Revised ID Needed |
2022-12-19 | 09 | Paul Wouters | New version available: draft-ietf-ipsecme-ikev1-algo-to-historic-09.txt |
2022-12-19 | 09 | Paul Wouters | New version accepted (logged-in submitter: Paul Wouters) |
2022-12-19 | 09 | Paul Wouters | Uploaded new revision |
2022-12-15 | 08 | (System) | Changed action holders to Paul Wouters (IESG state changed) |
2022-12-15 | 08 | Cindy Morgan | IESG state changed to Approved-announcement to be sent::Revised I-D Needed from IESG Evaluation |
2022-12-15 | 08 | Warren Kumari | [Ballot comment] After discussions on the telechat, I'm clearing my discuss. |
2022-12-15 | 08 | Warren Kumari | [Ballot Position Update] Position for Warren Kumari has been changed to No Objection from Discuss |
2022-12-15 | 08 | Alvaro Retana | [Ballot Position Update] New position, No Objection, has been recorded for Alvaro Retana |
2022-12-14 | 08 | Murray Kucherawy | [Ballot comment] The document shepherd writeup says: -- 15. Should any informative references be normative or vice-versa? Yes. -- I'm assuming the shepherd just ran over the question too quickly. But, if you really meant "Yes" here, what's the plan to fix it? Section 7 says: "All entries not mentioned here should receive no value in the new Status field." Why not have a status of "current" or something definite? |
2022-12-14 | 08 | Murray Kucherawy | [Ballot Position Update] New position, No Objection, has been recorded for Murray Kucherawy |
2022-12-14 | 08 | Zaheduzzaman Sarker | [Ballot Position Update] New position, No Objection, has been recorded for Zaheduzzaman Sarker |
2022-12-13 | 08 | Francesca Palombini | [Ballot comment] Thank you for the work on this document. I would suggest requesting IANA to add a pointer to this specification in their current Notes (they currently have Notes pointing to 8221 and 8247). I would also suggest to expand on the meaning of the "Status" column and its allowed values, including said values meaning - I guess this is related to Warren's DISCUSS. It might seem unnecessary and self-explanatory to the authors, but it can't hurt to be exceedingly clear. |
2022-12-13 | 08 | Francesca Palombini | [Ballot Position Update] New position, No Objection, has been recorded for Francesca Palombini |
2022-12-13 | 08 | Warren Kumari | [Ballot discuss] Be ye not afraid -- see https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ on handling ballots, especially DISCUSS ballots... Can the IETF actually deprecate / make a protocol historic? (as stated in "Internet Key Exchange version 1 (IKEv1) has been deprecated" and "IKEv1 has been moved to Historic status.") I agree that **making the documents that describe these** be historic is the right thing to do, and also that the IETF can strongly recommend that people don't use/deploy/whatever IKEv1, but I don't really know if we (or anyone) have the power to deprecate a protocol. We are not the protocol police, and we cannot instruct people to e.g. deploy protocol foo, so I don't know if we can deprecate a protocol either -- but I suspect that this might be because I don't actually know what "IKEv1 has been deprecated" actually *means*. Again, I'm not trying to block what this document is attempting to *do*, but rather make it clear what it is actually doing. |
2022-12-13 | 08 | Warren Kumari | [Ballot Position Update] New position, Discuss, has been recorded for Warren Kumari |
2022-12-12 | 08 | Lars Eggert | [Ballot comment] # GEN AD review of draft-ietf-ipsecme-ikev1-algo-to-historic-08 CC @larseggert Thanks to Roni Even for the General Area Review Team (Gen-ART) review (https://mailarchive.ietf.org/arch/msg/gen-art/rK3E1XT4aINFH14eXi90vEqPa0o). ## Nits All comments below are about very minor potential issues that you may choose to address in some way - or ignore - as you see fit. Some were flagged by automated tools (via https://github.com/larseggert/ietf-reviewtool), so there will likely be some false positives. There is no need to let me know what you did with these suggestions. ### Typos #### Section 4.2, paragraph 1 ``` - method was never standarized in IKEv1. Those IKEv1 systems that + method was never standardized in IKEv1. Those IKEv1 systems that + + ``` ### Outdated references Reference `[RFC4306]` to `RFC4306`, which was obsoleted by `RFC5996` (this may be on purpose). Reference `[RFC2407]` to `RFC2407`, which was obsoleted by `RFC4306` (this may be on purpose). Reference `[RFC2409]` to `RFC2409`, which was obsoleted by `RFC4306` (this may be on purpose). Reference `[RFC2408]` to `RFC2408`, which was obsoleted by `RFC4306` (this may be on purpose). ### URLs These URLs point to tools.ietf.org, which has been taken out of service: * https://tools.ietf.org/id/draft-ietf-ipsecme-labeled-ipsec-06.txt ### Grammar/style #### Section 6, paragraph 1 ``` ocument instructs IANA to add an additional Status column to the IKEv2 Transf ^^^^^^^^^^^^^^^^^^^^^^^^ ``` This phrase might be redundant. Consider either removing or replacing the adjective "additional". 
#### Section 7, paragraph 5 ``` ment] Figure 3 Transform Type 4 - Diffie Hellman Group Transform IDs Number ^^^^^^^^^^^^^^ ``` This word is normally spelled with a hyphen. ## Notes This review is in the ["IETF Comments" Markdown format][ICMF], You can use the [`ietf-comments` tool][ICT] to automatically convert this review into individual GitHub issues. Review generated by the [`ietf-reviewtool`][IRT]. [ICMF]: https://github.com/mnot/ietf-comments/blob/main/format.md [ICT]: https://github.com/mnot/ietf-comments [IRT]: https://github.com/larseggert/ietf-reviewtool |
2022-12-12 | 08 | Lars Eggert | [Ballot Position Update] New position, No Objection, has been recorded for Lars Eggert |
2022-12-12 | 08 | Robert Wilton | [Ballot comment] Thanks for this. A pretty easy document, and always good to clear out old cruft. I do wonder exactly how well understood "deprecated" is in the wider community. E.g., (i) the definition of deprecated in YANG (RFC 7950) is: o "deprecated" indicates an obsolete definition, but it permits new/continued implementation in order to foster interoperability with older/existing implementations. (ii) the definition in Java is: A program element annotated @Deprecated is one that programmers are discouraged from using, typically because it is dangerous, or because a better alternative exists. Compilers warn when a deprecated program element is used or overridden in non-deprecated code. I think that the definition that security uses is presumably much closer to (ii), or not even stronger in sentiment to move away from it? I tried to search and find a definition in IANA of exactly what deprecated means, but with no luck. Perhaps there is already a security definition of deprecated that could be referenced, or if not, it might be helpful to: - in Section 5, unambiguously specify what is meant by deprecated. - in Section 7, bind the definition of the Status column back to Section 5. Regards, Rob |
2022-12-12 | 08 | Robert Wilton | [Ballot Position Update] New position, No Objection, has been recorded for Robert Wilton |
2022-12-08 | 08 | Éric Vyncke | [Ballot Position Update] New position, Yes, has been recorded for Éric Vyncke |
2022-12-07 | 08 | Erik Kline | [Ballot comment] # Internet AD comments for draft-ietf-ipsecme-ikev1-algo-to-historic-08 CC @ekline ### S3 * I think "therefore" to be more correct than "therefor" in this usage. (But I'll also defer to a proper grammarian. =) * s/defacto/de facto/, perhaps |
2022-12-07 | 08 | Erik Kline | [Ballot Position Update] New position, Yes, has been recorded for Erik Kline |
2022-12-07 | 08 | Paul Wouters | [Ballot comment] Historic Achievement ! |
2022-12-07 | 08 | Paul Wouters | [Ballot Position Update] New position, Recuse, has been recorded for Paul Wouters |
2022-12-07 | 08 | John Scudder | [Ballot comment] Nits - “A few notably” should be “A few notable” - “an addition Security Context selector” should be “an additional...” - s/standarized/standardized/ |
2022-12-07 | 08 | John Scudder | [Ballot Position Update] New position, No Objection, has been recorded for John Scudder |
2022-12-05 | 08 | Amanda Baber | IANA Review state changed to IANA OK - Actions Needed from Version Changed - Review Needed |
2022-12-05 | 08 | Roman Danyliw | Placed on agenda for telechat - 2022-12-15 |
2022-12-05 | 08 | Roman Danyliw | Ballot has been issued |
2022-12-05 | 08 | Roman Danyliw | [Ballot Position Update] New position, Yes, has been recorded for Roman Danyliw |
2022-12-05 | 08 | Roman Danyliw | Created "Approve" ballot |
2022-12-05 | 08 | Roman Danyliw | IESG state changed to IESG Evaluation from Waiting for Writeup |
2022-12-05 | 08 | Roman Danyliw | Ballot writeup was changed |
2022-11-18 | 08 | (System) | IANA Review state changed to Version Changed - Review Needed from IANA OK - Actions Needed |
2022-11-18 | 08 | Paul Wouters | New version available: draft-ietf-ipsecme-ikev1-algo-to-historic-08.txt |
2022-11-18 | 08 | Paul Wouters | New version accepted (logged-in submitter: Paul Wouters) |
2022-11-18 | 08 | Paul Wouters | Uploaded new revision |
2022-11-18 | 07 | Mališa Vučinić | Request for Last Call review by SECDIR Completed: Ready. Reviewer: Mališa Vučinić. Sent review to list. |
2022-11-18 | 07 | (System) | IESG state changed to Waiting for Writeup from In Last Call |
2022-11-17 | 07 | (System) | IANA Review state changed to IANA OK - Actions Needed from IANA - Review Needed |
2022-11-17 | 07 | Sabrina Tanamal | (Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs: The IANA Functions Operator has completed its review of draft-ietf-ipsecme-ikev1-algo-to-historic-07. If any part of this review is inaccurate, please let us know. The IANA Functions Operator has a question about one of the actions requested in the IANA Considerations section of this document. We understand that, upon approval of this document, there are four actions which we must complete. First, in the Transform Type 1 - Encryption Algorithm Transform IDs registry on the Internet Key Exchange Version 2 (IKEv2) Parameters registry page located at: https://www.iana.org/assignments/ikev2-parameters/ an additional Status column will be added to the registry and the following entries will be marked DEPRECATED: Number Name Status ------ --------------- ------ 1 ENCR_DES_IV64 DEPRECATED [ RFC-to-be ] 2 ENCR_DES DEPRECATED [RFC8247] 4 ENCR_RC5 DEPRECATED [ RFC-to-be ] 5 ENCR_IDEA DEPRECATED [ RFC-to-be ] 6 ENCR_CAST DEPRECATED [ RFC-to-be ] 7 ENCR_BLOWFISH DEPRECATED [ RFC-to-be ] 8 ENCR_3IDEA DEPRECATED [ RFC-to-be ] 9 ENCR_DES_IV32 DEPRECATED [ RFC-to-be ] Second, in the Transform Type 2 - Pseudorandom Function Transform IDs registry also on the Internet Key Exchange Version 2 (IKEv2) Parameters registry page located at: https://www.iana.org/assignments/ikev2-parameters/ an additional Status column will be added to the registry and the following entries will be marked DEPRECATED: Number Name Status ------ ------------ ---------- 1 PRF_HMAC_MD5 DEPRECATED [RFC8247] 1 PRF_HMAC_TIGER DEPRECATED [ RFC-to-be ] IANA Question --> is the Number for the Transform Type PRF_HMAC_TIGER a typo? Should the actual number be the value 3? 
Third, in the Transform Type 3 - Integrity Algorithm Transform IDs registry of the Transform Type Values registry also on the Internet Key Exchange Version 2 (IKEv2) Parameters registry page located at: https://www.iana.org/assignments/ikev2-parameters/ an additional Status column will be added to the registry and the following entries will be marked DEPRECATED: Number Name Status ------ ----------------- ---------- 1 AUTH_HMAC_MD5_96 DEPRECATED [RFC8247] 3 AUTH_DES_MAC DEPRECATED [RFC8247] 4 AUTH_KPDK_MD5 DEPRECATED [RFC8247] 6 AUTH_HMAC_MD5_128 DEPRECATED [ RFC-to-be ] 7 AUTH_HMAC_SHA1_160 DEPRECATED [ RFC-to-be ] Fourth, in the Transform Type 4 - Diffie Hellman Group Transform IDs registry also on the Internet Key Exchange Version 2 (IKEv2) Parameters registry page located at: Number Name Status ------ ---------------------------- ---------- 1 768-bit MODP Group DEPRECATED [RFC8247] 22 1024-bit MODP Group with 160-bit Prime Order Subgroup DEPRECATED [RFC8247] The IANA Functions Operator understands that these are the only actions required to be completed upon approval of this document. Note: The actions requested in this document will not be completed until the document has been approved for publication as an RFC. This message is meant only to confirm the list of actions that will be performed. For definitions of IANA review states, please see: https://datatracker.ietf.org/help/state/draft/iana-review Thank you, Sabrina Tanamal Lead IANA Services Specialist |
2022-10-30 | 07 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Mališa Vučinić |
2022-10-30 | 07 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Mališa Vučinić |
2022-10-25 | 07 | Roni Even | Request for Last Call review by GENART Completed: Ready. Reviewer: Roni Even. Sent review to list. |
2022-10-20 | 07 | Jean Mahoney | Request for Last Call review by GENART is assigned to Roni Even |
2022-10-20 | 07 | Jean Mahoney | Request for Last Call review by GENART is assigned to Roni Even |
2022-10-14 | 07 | Amy Vezza | IANA Review state changed to IANA - Review Needed |
2022-10-14 | 07 | Amy Vezza | The following Last Call announcement was sent out (ends 2022-11-18): From: The IESG To: IETF-Announce CC: draft-ietf-ipsecme-ikev1-algo-to-historic@ietf.org, ipsec@ietf.org, ipsecme-chairs@ietf.org, kivinen@iki.fi, rdd@cert.org Reply-To: last-call@ietf.org Sender: Subject: Last Call: (Deprecation of IKEv1 and obsoleted algorithms) to Proposed Standard The IESG has received a request from the IP Security Maintenance and Extensions WG (ipsecme) to consider the following document: - 'Deprecation of IKEv1 and obsoleted algorithms' as Proposed Standard The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the last-call@ietf.org mailing lists by 2022-11-18. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract Internet Key Exchange version 1 (IKEv1) has been deprecated and its specification in RFC2407, RFC2408 and RFC2409 have been moved to Historic status. A number of old algorithms that are associated with IKEv1, and not widely implemented for IKEv2 are deprecated as well. This document updates RFC 8221 and RFC 8247 and adds a Status column to the IANA IKEv2 Transform Type registries that shows the deprecation status. The file can be obtained via https://datatracker.ietf.org/doc/draft-ietf-ipsecme-ikev1-algo-to-historic/ No IPR declarations have been submitted directly on this I-D. |
2022-10-14 | 07 | Amy Vezza | IESG state changed to In Last Call from Last Call Requested |
2022-10-14 | 07 | Amy Vezza | Last call announcement was changed |
2022-10-14 | 07 | Roman Danyliw | Last call was requested |
2022-10-14 | 07 | Roman Danyliw | Last call announcement was generated |
2022-10-14 | 07 | Roman Danyliw | Ballot approval text was generated |
2022-10-14 | 07 | Roman Danyliw | Ballot writeup was generated |
2022-10-14 | 07 | Roman Danyliw | IESG state changed to Last Call Requested from AD Evaluation::AD Followup |
2022-10-11 | 07 | (System) | Changed action holders to Roman Danyliw (IESG state changed) |
2022-10-11 | 07 | (System) | Sub state has been changed to AD Followup from Revised ID Needed |
2022-10-11 | 07 | Paul Wouters | New version available: draft-ietf-ipsecme-ikev1-algo-to-historic-07.txt |
2022-10-11 | 07 | Paul Wouters | New version accepted (logged-in submitter: Paul Wouters) |
2022-10-11 | 07 | Paul Wouters | Uploaded new revision |
2022-07-15 | 06 | Roman Danyliw | AD Review: https://mailarchive.ietf.org/arch/msg/ipsec/GVk-d_QatLNuBSFReb8lWBJunF8/ |
2022-07-15 | 06 | (System) | Changed action holders to Roman Danyliw, Paul Wouters (IESG state changed) |
2022-07-15 | 06 | Roman Danyliw | IESG state changed to AD Evaluation::Revised I-D Needed from Publication Requested |
2022-06-11 | 06 | Tero Kivinen | # Document Shepherd Writeup *This version is dated 8 April 2022.* Thank you for your service as a document shepherd. Among the responsibilities is answering the questions in this writeup to give helpful context to Last Call and Internet Engineering Steering Group ([IESG][1]) reviewers, and your diligence in completing it, is appreciated. The full role of the shepherd is further described in [RFC 4858][2], and informally. You will need the cooperation of authors to complete these checks. Note that some numbered items contain multiple related questions; please be sure to answer all of them. ## Document History 1. Does the working group (WG) consensus represent the strong concurrence of a few individuals, with others being silent, or did it reach broad agreement? There is broad agreement in the WG to go forward with this draft. 2. Was there controversy about particular points, or were there decisions where the consensus was particularly rough? There have been few individuals complaining about some of the wordings describing the reasons of moving IKEv1 to historic, but I think we managed to reach consensus on the wording. 3. Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarize the areas of conflict in separate email messages to the responsible Area Director. (It should be in a separate email because this questionnaire is publicly available.) No. 4. For protocol documents, are there existing implementations of the contents of the document? Have a significant number of potential implementers indicated plans to implement? Are any existing implementations reported somewhere, either in the document itself (as [RFC 7942][3] recommends) or elsewhere (where)? 
This is moving old very widely implemented protocol IKEv1, which have already been replaced and obsoleted by IKEv2 in 2005, to historic status and also deprecates several weak or unspecified algorithms used by it. Thus there are lots of implementations out there and this document allows implementors to remove their support from the old IKEv1 protocol, by giving stronger signal that is past time to migrate any IKEv1 left to IKEv2. ### Additional Reviews 5. Does this document need review from other IETF working groups or external organizations? Have those reviews occurred? No. 6. Describe how the document meets any required formal expert review criteria, such as the MIB Doctor, YANG Doctor, media type, and URI type reviews. No applicable. 7. If the document contains a YANG module, has the final version of the module been checked with any of the [recommended validation tools][4] for syntax and formatting validation? If there are any resulting errors or warnings, what is the justification for not fixing them at this time? Does the YANG module comply with the Network Management Datastore Architecture (NMDA) as specified in [RFC 8342][5]? Document does not contain Yang module. 8. Describe reviews and automated checks performed to validate sections of the final version of the document written in a formal language, such as XML code, BNF rules, MIB definitions, CBOR's CDDL, etc. None needed. ### Document Shepherd Checks 9. Based on the shepherd's review of the document, is it their opinion that this document is needed, clearly written, complete, correctly designed, and ready to be handed off to the responsible Area Director? Yes. 10. Several IETF Areas have assembled [lists of common issues that their reviewers encounter][6]. Do any such issues remain that would merit specific attention from subsequent reviews? Security area has already been reviewing this document. 11. 
What type of RFC publication is being requested on the IETF stream (Best Current Practice, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Why is this the proper type of RFC? Do all Datatracker state attributes correctly reflect this intent? This document contains rationale why to move IKEv1 to historic status, and should be combined with the IESG action document that moves IKEv1 (RFC2407, RFC2408 and RFC2409) to Historic status. This document also includes deprecation of several weak or unspecified cryptographic algorithms, and because of that needs to be published as an RFC. 12. Has the interested community confirmed that any and all appropriate IPR disclosures required by [BCP 78][7] and [BCP 79][8] have been filed? If not, explain why. If yes, summarize any discussion and conclusion regarding the intellectual property rights (IPR) disclosures, including links to relevant emails. The author and their employer(s) have no IPR. No one else claimed IPR and it seemed to be impossible to have IPR on this. 13. Has each Author or Contributor confirmed their willingness to be listed as such? If the number of Authors/Editors on the front page is greater than 5, please provide a justification. Yes. 14. Identify any remaining I-D nits in this document. (See [the idnits tool][9] and the checkbox items found in Guidelines to Authors of Internet-Drafts). Simply running the idnits tool is not enough; please review the entire guidelines document. The abstract does not mention the directly RFCs this document is updating. Those documents are the RFCs listing mandatory to implement algorithms and the abstract do say "A number of old algorithms that are associated with IKEv1, and not widely implemented for IKEv2 are deprecated as well." 15. Should any informative references be normative or vice-versa? Yes. 16. List any normative references that are not freely available to anyone. 
Did the community have sufficient access to review any such normative references? All of the normative references are RFCs. 17. Are there any normative downward references (see [RFC 3967][10], [BCP 97][11])? If so, list them. No. 18. Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If they exist, what is the plan for their completion? No. 19. Will publication of this document change the status of any existing RFCs? If so, does the Datatracker metadata correctly reflect this and are those RFCs listed on the title page, in the abstract, and discussed in the introduction? If not, explain why and point to the part of the document where the relationship of this document to these other RFCs is discussed. Yes. It moves IKEv1 to Historic which need associated IESG action document to do the actual change for status of those RFCs (RFC2407, RFC2408, and RFC2409). It also lists updating RFC8221, and RFC8247 which are IKEv2 documents that list mandatory to implement cryptographic algorithms for IKEv2, because it marks several of those algorithms to DEPRECATED status. 20. Describe the document shepherd's review of the IANA considerations section, especially with regard to its consistency with the body of the document. Confirm that all aspects of the document requiring IANA assignments are associated with the appropriate reservations in IANA registries. Confirm that any referenced IANA registries have been clearly identified. Confirm that each newly created IANA registry specifies its initial contents, allocations procedures, and a reasonable name (see [RFC 8126][12]). This document adds new column to the IKEv2 cryptographic algorithms IANA registry, and will mark some of the algorithms in those registries as DEPRECATED. 21. List any new IANA registries that require Designated Expert Review for future allocations. Are the instructions to the Designated Expert clear? 
Please include suggestions of designated experts, if appropriate. This document does not create new IANA registries. [1]: https://www.ietf.org/about/groups/iesg/ [2]: https://www.rfc-editor.org/rfc/rfc4858.html [3]: https://www.rfc-editor.org/rfc/rfc7942.html [4]: https://trac.ietf.org/trac/ops/wiki/yang-review-tools [5]: https://www.rfc-editor.org/rfc/rfc8342.html [6]: https://trac.ietf.org/trac/iesg/wiki/ExpertTopics [7]: https://www.rfc-editor.org/info/bcp78 [8]: https://www.rfc-editor.org/info/bcp79 [9]: https://www.ietf.org/tools/idnits/ [10]: https://www.rfc-editor.org/rfc/rfc3967.html [11]: https://www.rfc-editor.org/info/bcp97 [12]: https://www.rfc-editor.org/rfc/rfc8126.html |
2022-06-11 | 06 | Tero Kivinen | Responsible AD changed to Roman Danyliw |
2022-06-11 | 06 | Tero Kivinen | IETF WG state changed to Submitted to IESG for Publication from WG Consensus: Waiting for Write-Up |
2022-06-11 | 06 | Tero Kivinen | IESG state changed to Publication Requested from I-D Exists |
2022-06-11 | 06 | Tero Kivinen | IESG process started in state Publication Requested |
2022-06-11 | 06 | Tero Kivinen | Tag Revised I-D Needed - Issue raised by WGLC cleared. |
2022-06-11 | 06 | Tero Kivinen | # Document Shepherd Writeup *This version is dated 8 April 2022.* Thank you for your service as a document shepherd. Among the responsibilities is answering the questions in this writeup to give helpful context to Last Call and Internet Engineering Steering Group ([IESG][1]) reviewers, and your diligence in completing it, is appreciated. The full role of the shepherd is further described in [RFC 4858][2], and informally. You will need the cooperation of authors to complete these checks. Note that some numbered items contain multiple related questions; please be sure to answer all of them. ## Document History 1. Does the working group (WG) consensus represent the strong concurrence of a few individuals, with others being silent, or did it reach broad agreement? There is broad agreement in the WG to go forward with this draft. 2. Was there controversy about particular points, or were there decisions where the consensus was particularly rough? There have been few individuals complaining about some of the wordings describing the reasons of moving IKEv1 to historic, but I think we managed to reach consensus on the wording. 3. Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarize the areas of conflict in separate email messages to the responsible Area Director. (It should be in a separate email because this questionnaire is publicly available.) No. 4. For protocol documents, are there existing implementations of the contents of the document? Have a significant number of potential implementers indicated plans to implement? Are any existing implementations reported somewhere, either in the document itself (as [RFC 7942][3] recommends) or elsewhere (where)? 
This is moving old very widely implemented protocol IKEv1, which have already been replaced and obsoleted by IKEv2 in 2005, to historic status and also deprecates several weak or unspecified algorithms used by it. Thus there are lots of implementations out there and this document allows implementors to remove their support from the old IKEv1 protocol, by giving stronger signal that is past time to migrate any IKEv1 left to IKEv2. ### Additional Reviews 5. Does this document need review from other IETF working groups or external organizations? Have those reviews occurred? No. 6. Describe how the document meets any required formal expert review criteria, such as the MIB Doctor, YANG Doctor, media type, and URI type reviews. No applicable. 7. If the document contains a YANG module, has the final version of the module been checked with any of the [recommended validation tools][4] for syntax and formatting validation? If there are any resulting errors or warnings, what is the justification for not fixing them at this time? Does the YANG module comply with the Network Management Datastore Architecture (NMDA) as specified in [RFC 8342][5]? Document does not contain Yang module. 8. Describe reviews and automated checks performed to validate sections of the final version of the document written in a formal language, such as XML code, BNF rules, MIB definitions, CBOR's CDDL, etc. None needed. ### Document Shepherd Checks 9. Based on the shepherd's review of the document, is it their opinion that this document is needed, clearly written, complete, correctly designed, and ready to be handed off to the responsible Area Director? Yes. 10. Several IETF Areas have assembled [lists of common issues that their reviewers encounter][6]. Do any such issues remain that would merit specific attention from subsequent reviews? Security area has already been reviewing this document. 11. 
What type of RFC publication is being requested on the IETF stream (Best Current Practice, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Why is this the proper type of RFC? Do all Datatracker state attributes correctly reflect this intent? This document contains rationale why to move IKEv1 to historic status, and should be combined with the IESG action document that moves IKEv1 (RFC2407, RFC2408 and RFC2409) to Historic status. This document also includes deprecation of several weak or unspecified cryptographic algorithms, and because of that needs to be published as an RFC. 12. Has the interested community confirmed that any and all appropriate IPR disclosures required by [BCP 78][7] and [BCP 79][8] have been filed? If not, explain why. If yes, summarize any discussion and conclusion regarding the intellectual property rights (IPR) disclosures, including links to relevant emails. The author and their employer(s) have no IPR. No one else claimed IPR and it seemed to be impossible to have IPR on this. 13. Has each Author or Contributor confirmed their willingness to be listed as such? If the number of Authors/Editors on the front page is greater than 5, please provide a justification. Yes. 14. Identify any remaining I-D nits in this document. (See [the idnits tool][9] and the checkbox items found in Guidelines to Authors of Internet-Drafts). Simply running the idnits tool is not enough; please review the entire guidelines document. The abstract does not mention the directly RFCs this document is updating. Those documents are the RFCs listing mandatory to implement algorithms and the abstract do say "A number of old algorithms that are associated with IKEv1, and not widely implemented for IKEv2 are deprecated as well." 15. Should any informative references be normative or vice-versa? Yes. 16. List any normative references that are not freely available to anyone. 
Did the community have sufficient access to review any such normative references? All of the normative references are RFCs. 17. Are there any normative downward references (see [RFC 3967][10], [BCP 97][11])? If so, list them. No. 18. Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If they exist, what is the plan for their completion? No. 19. Will publication of this document change the status of any existing RFCs? If so, does the Datatracker metadata correctly reflect this and are those RFCs listed on the title page, in the abstract, and discussed in the introduction? If not, explain why and point to the part of the document where the relationship of this document to these other RFCs is discussed. Yes. It moves IKEv1 to Historic which need associated IESG action document to do the actual change for status of those RFCs (RFC2407, RFC2408, and RFC2409). It also lists updating RFC8221, and RFC8247 which are IKEv2 documents that list mandatory to implement cryptographic algorithms for IKEv2, because it marks several of those algorithms to DEPRECATED status. 20. Describe the document shepherd's review of the IANA considerations section, especially with regard to its consistency with the body of the document. Confirm that all aspects of the document requiring IANA assignments are associated with the appropriate reservations in IANA registries. Confirm that any referenced IANA registries have been clearly identified. Confirm that each newly created IANA registry specifies its initial contents, allocations procedures, and a reasonable name (see [RFC 8126][12]). This document adds new column to the IKEv2 cryptographic algorithms IANA registry, and will mark some of the algorithms in those registries as DEPRECATED. 21. List any new IANA registries that require Designated Expert Review for future allocations. Are the instructions to the Designated Expert clear? 
Please include suggestions of designated experts, if appropriate. This document does not create new IANA registries. [1]: https://www.ietf.org/about/groups/iesg/ [2]: https://www.rfc-editor.org/rfc/rfc4858.html [3]: https://www.rfc-editor.org/rfc/rfc7942.html [4]: https://trac.ietf.org/trac/ops/wiki/yang-review-tools [5]: https://www.rfc-editor.org/rfc/rfc8342.html [6]: https://trac.ietf.org/trac/iesg/wiki/ExpertTopics [7]: https://www.rfc-editor.org/info/bcp78 [8]: https://www.rfc-editor.org/info/bcp79 [9]: https://www.ietf.org/tools/idnits/ [10]: https://www.rfc-editor.org/rfc/rfc3967.html [11]: https://www.rfc-editor.org/info/bcp97 [12]: https://www.rfc-editor.org/rfc/rfc8126.html |
2022-06-10
|
06 | Paul Wouters | New version available: draft-ietf-ipsecme-ikev1-algo-to-historic-06.txt |
2022-06-10
|
06 | Paul Wouters | New version accepted (logged-in submitter: Paul Wouters) |
2022-06-10
|
06 | Paul Wouters | Uploaded new revision |
2022-06-07
|
05 | Paul Wouters | New version available: draft-ietf-ipsecme-ikev1-algo-to-historic-05.txt |
2022-06-07
|
05 | Paul Wouters | New version accepted (logged-in submitter: Paul Wouters) |
2022-06-07
|
05 | Paul Wouters | Uploaded new revision |
2022-06-07
|
04 | Paul Wouters | New version available: draft-ietf-ipsecme-ikev1-algo-to-historic-04.txt |
2022-06-07
|
04 | Paul Wouters | New version accepted (logged-in submitter: Paul Wouters) |
2022-06-07
|
04 | Paul Wouters | Uploaded new revision |
2022-06-07
|
03 | Tero Kivinen |

# Document Shepherd Writeup

*This version is dated 8 April 2022.*

Thank you for your service as a document shepherd. Among the responsibilities is answering the questions in this writeup to give helpful context to Last Call and Internet Engineering Steering Group ([IESG][1]) reviewers, and your diligence in completing it is appreciated. The full role of the shepherd is further described in [RFC 4858][2], and informally. You will need the cooperation of authors to complete these checks.

Note that some numbered items contain multiple related questions; please be sure to answer all of them.

## Document History

1. Does the working group (WG) consensus represent the strong concurrence of a few individuals, with others being silent, or did it reach broad agreement?

   There is broad agreement in the WG to go forward with this draft.

2. Was there controversy about particular points, or were there decisions where the consensus was particularly rough?

   There have been a few individuals complaining about some of the wordings describing the reasons for moving IKEv1 to historic, but I think we managed to reach consensus on the wording.

3. Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarize the areas of conflict in separate email messages to the responsible Area Director. (It should be in a separate email because this questionnaire is publicly available.)

   No.

4. For protocol documents, are there existing implementations of the contents of the document? Have a significant number of potential implementers indicated plans to implement? Are any existing implementations reported somewhere, either in the document itself (as [RFC 7942][3] recommends) or elsewhere (where)?

   This is moving the old, very widely implemented protocol IKEv1, which has already been replaced and obsoleted by IKEv2 in 2005, to historic status. Thus there are lots of implementations out there, and this document allows implementors to remove their support for the old IKEv1 protocol by giving a stronger signal that it is past time to migrate any IKEv1 left to IKEv2.

### Additional Reviews

5. Does this document need review from other IETF working groups or external organizations? Have those reviews occurred?

   No.

6. Describe how the document meets any required formal expert review criteria, such as the MIB Doctor, YANG Doctor, media type, and URI type reviews.

   Not applicable.

7. If the document contains a YANG module, has the final version of the module been checked with any of the [recommended validation tools][4] for syntax and formatting validation? If there are any resulting errors or warnings, what is the justification for not fixing them at this time? Does the YANG module comply with the Network Management Datastore Architecture (NMDA) as specified in [RFC 8342][5]?

   Document does not contain a YANG module.

8. Describe reviews and automated checks performed to validate sections of the final version of the document written in a formal language, such as XML code, BNF rules, MIB definitions, CBOR's CDDL, etc.

   None needed.

### Document Shepherd Checks

9. Based on the shepherd's review of the document, is it their opinion that this document is needed, clearly written, complete, correctly designed, and ready to be handed off to the responsible Area Director?

   Yes.

10. Several IETF Areas have assembled [lists of common issues that their reviewers encounter][6]. Do any such issues remain that would merit specific attention from subsequent reviews?

    Security area has already been reviewing this document.

11. What type of RFC publication is being requested on the IETF stream (Best Current Practice, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Why is this the proper type of RFC? Do all Datatracker state attributes correctly reflect this intent?

    This document will be moving IKEv1 to historic status, and is marked as proposed standard. It also updates the IANA registries by moving several old and unsecure algorithms to DEPRECATED status.

12. Has the interested community confirmed that any and all appropriate IPR disclosures required by [BCP 78][7] and [BCP 79][8] have been filed? If not, explain why. If yes, summarize any discussion and conclusion regarding the intellectual property rights (IPR) disclosures, including links to relevant emails.

    The author and their employer(s) have no IPR. No one else claimed IPR and it seemed to be impossible to have IPR on this.

13. Has each Author or Contributor confirmed their willingness to be listed as such? If the number of Authors/Editors on the front page is greater than 5, please provide a justification.

    Yes.

14. Identify any remaining I-D nits in this document. (See [the idnits tool][9] and the checkbox items found in Guidelines to Authors of Internet-Drafts). Simply running the idnits tool is not enough; please review the entire guidelines document.

    The abstract does not directly mention the RFCs this document is updating. Those documents are the RFCs listing mandatory-to-implement algorithms, and the abstract does say "A number of old algorithms that are associated with IKEv1, and not widely implemented for IKEv2 are deprecated as well."

15. Should any informative references be normative or vice-versa?

    Yes. Shepherd requested some changes to the informative / normative references split.

16. List any normative references that are not freely available to anyone. Did the community have sufficient access to review any such normative references?

    All of the normative references are RFCs.

17. Are there any normative downward references (see [RFC 3967][10], [BCP 97][11])? If so, list them.

    No.

18. Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If they exist, what is the plan for their completion?

    No.

19. Will publication of this document change the status of any existing RFCs? If so, does the Datatracker metadata correctly reflect this and are those RFCs listed on the title page, in the abstract, and discussed in the introduction? If not, explain why and point to the part of the document where the relationship of this document to these other RFCs is discussed.

    Yes. It moves IKEv1 to Historic, which will change the status of those RFCs. It also lists updating RFC7296, RFC8221, RFC8247. Shepherd does not see why this document should be updating RFC7296.

20. Describe the document shepherd's review of the IANA considerations section, especially with regard to its consistency with the body of the document. Confirm that all aspects of the document requiring IANA assignments are associated with the appropriate reservations in IANA registries. Confirm that any referenced IANA registries have been clearly identified. Confirm that each newly created IANA registry specifies its initial contents, allocations procedures, and a reasonable name (see [RFC 8126][12]).

    This document adds a new column to the IKEv2 cryptographic algorithms IANA registry, and will mark some of the algorithms in those registries as DEPRECATED.

21. List any new IANA registries that require Designated Expert Review for future allocations. Are the instructions to the Designated Expert clear? Please include suggestions of designated experts, if appropriate.

    This document does not create new IANA registries.

[1]: https://www.ietf.org/about/groups/iesg/
[2]: https://www.rfc-editor.org/rfc/rfc4858.html
[3]: https://www.rfc-editor.org/rfc/rfc7942.html
[4]: https://trac.ietf.org/trac/ops/wiki/yang-review-tools
[5]: https://www.rfc-editor.org/rfc/rfc8342.html
[6]: https://trac.ietf.org/trac/iesg/wiki/ExpertTopics
[7]: https://www.rfc-editor.org/info/bcp78
[8]: https://www.rfc-editor.org/info/bcp79
[9]: https://www.ietf.org/tools/idnits/
[10]: https://www.rfc-editor.org/rfc/rfc3967.html
[11]: https://www.rfc-editor.org/info/bcp97
[12]: https://www.rfc-editor.org/rfc/rfc8126.html

|
2022-06-07
|
03 | Tero Kivinen | Notification list changed to kivinen@iki.fi because the document shepherd was set |
2022-06-07
|
03 | Tero Kivinen | Document shepherd changed to Tero Kivinen |
2022-04-29
|
03 | Paul Wouters | New version available: draft-ietf-ipsecme-ikev1-algo-to-historic-03.txt |
2022-04-29
|
03 | Paul Wouters | New version accepted (logged-in submitter: Paul Wouters) |
2022-04-29
|
03 | Paul Wouters | Uploaded new revision |
2022-04-28
|
02 | (System) | Document has expired |
2021-10-25
|
02 | Paul Wouters | New version available: draft-ietf-ipsecme-ikev1-algo-to-historic-02.txt |
2021-10-25
|
02 | (System) | New version accepted (logged-in submitter: Paul Wouters) |
2021-10-25
|
02 | Paul Wouters | Uploaded new revision |
2021-08-16
|
01 | Tero Kivinen | Tag Revised I-D Needed - Issue raised by WGLC set. |
2021-08-16
|
01 | Tero Kivinen | IETF WG state changed to WG Consensus: Waiting for Write-Up from In WG Last Call |
2021-06-27
|
01 | Paul Wouters | New version available: draft-ietf-ipsecme-ikev1-algo-to-historic-01.txt |
2021-06-27
|
01 | (System) | New version accepted (logged-in submitter: Paul Wouters) |
2021-06-27
|
01 | Paul Wouters | Uploaded new revision |
2021-06-26
|
00 | Yoav Nir | WGLC ends July 12th |
2021-06-26
|
00 | Yoav Nir | IETF WG state changed to In WG Last Call from WG Document |
2021-06-26
|
00 | Yoav Nir | Changed consensus to Yes from Unknown |
2021-06-26
|
00 | Yoav Nir | Intended Status changed to Proposed Standard from None |
2021-04-28
|
00 | Yoav Nir | This document now replaces draft-pwouters-ikev1-ipsec-graveyard instead of None |
2021-04-28
|
00 | Paul Wouters | New version available: draft-ietf-ipsecme-ikev1-algo-to-historic-00.txt |
2021-04-28
|
00 | (System) | WG -00 approved |
2021-04-28
|
00 | Paul Wouters | Set submitter to "Paul Wouters ", replaces to draft-pwouters-ikev1-ipsec-graveyard and sent approval email to group chairs: ipsecme-chairs@ietf.org |
2021-04-28
|
00 | Paul Wouters | Uploaded new revision |