Re: [IPsec] Warren Kumari's Discuss on draft-ietf-ipsecme-ikev1-algo-to-historic-08: (with DISCUSS)

Roman Danyliw <rdd@cert.org> Thu, 15 December 2022 14:56 UTC

From: Roman Danyliw <rdd@cert.org>
To: Warren Kumari <warren@kumari.net>, Paul Wouters <paul@nohats.ca>
CC: The IESG <iesg@ietf.org>, "draft-ietf-ipsecme-ikev1-algo-to-historic@ietf.org" <draft-ietf-ipsecme-ikev1-algo-to-historic@ietf.org>, "ipsecme-chairs@ietf.org" <ipsecme-chairs@ietf.org>, "ipsec@ietf.org" <ipsec@ietf.org>, "kivinen@iki.fi" <kivinen@iki.fi>
Date: Thu, 15 Dec 2022 14:56:41 +0000
Message-ID: <BN2P110MB110786EF7A63ADBDD34CAFF8DCE19@BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM>
References: <167094324735.45634.6215476133161483286@ietfa.amsl.com> <ca431827-6090-dba7-6280-20bed8ebf37d@nohats.ca> <CAHw9_i+5aaasAdWU-pu-geGX6StrR6vzHTHmzcVGCo8FYruaxQ@mail.gmail.com> <CAHw9_i+N=RG0bUjq9kUCTOj6eJRfpSyraF-+BVLTmwvgSHDHiA@mail.gmail.com>
In-Reply-To: <CAHw9_i+N=RG0bUjq9kUCTOj6eJRfpSyraF-+BVLTmwvgSHDHiA@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/wt7yRaBJ1ZsE8R88qutMYR9qY8Y>
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>

Hi!

From: IPsec <ipsec-bounces@ietf.org> On Behalf Of Warren Kumari
Sent: Thursday, December 15, 2022 9:32 AM
To: Paul Wouters <paul@nohats.ca>
Cc: The IESG <iesg@ietf.org>; draft-ietf-ipsecme-ikev1-algo-to-historic@ietf.org; ipsecme-chairs@ietf.org; ipsec@ietf.org; kivinen@iki.fi
Subject: Re: [IPsec] Warren Kumari's Discuss on draft-ietf-ipsecme-ikev1-algo-to-historic-08: (with DISCUSS)

On Tue, Dec 13, 2022 at 12:51 PM, Warren Kumari <warren@kumari.net> wrote:
On Tue, Dec 13, 2022 at 10:36 AM, Paul Wouters <paul@nohats.ca> wrote:
On Tue, 13 Dec 2022, Warren Kumari via Datatracker wrote:
[speaking with author hat on]

----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------


Be ye not afraid -- see
https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ on handling ballots, especially DISCUSS ballots...


Can the IETF actually deprecate / make a protocol historic? (as stated in
"Internet Key Exchange version 1 (IKEv1) has been deprecated" and "IKEv1 has been moved to Historic status.")

I agree that **making the documents that describe these** be historic is the right thing to do, and also that the IETF can strongly recommend that people don't use/deploy/whatever IKEv1, but I don't really know if we (or anyone) have the power to deprecate a protocol. We are not the protocol police, and we cannot instruct people to e.g. deploy protocol foo, so I don't know if we can deprecate a protocol either -- but I suspect that this might be because I don't actually know what "IKEv1 has been deprecated" actually *means*.
Again, I'm not trying to block what this document is attempting to *do*, but rather make it clear what it is actually doing.

What it means is that the IETF has stopped maintaining it. It will not allow any new registrations into the related IANA registries and no new work will be started on this protocol version.


Perhaps you could add something to the document saying that (or, even better, drop in a reference to an RFC that says that)? From Rob's ballot: "I do wonder exactly how well understood "deprecated" is in the wider community." - it's not just "in the wider community", because it wasn't clear to me *exactly* what it meant.


Just following up before the telechat - if we agree to add a clarification I can clear.

[Roman] Clarifying words can certainly be added here. The general practice of “deprecating” a protocol to signal IETF’s position on no longer using the protocol has precedent as recently as last year:

Deprecating TLS 1.0 and TLS 1.1
https://datatracker.ietf.org/doc/rfc8996/

Deprecating MD5 and SHA-1 Signature Hashes in TLS 1.2 and DTLS 1.2
https://datatracker.ietf.org/doc/rfc9155/

Regards,
Roman