On Feb 10, 2012, at 12:13 PM, Yaron Sheffer wrote:

> Sorry, I don't understand your statement. Yes, IKEv1 is popular but 
> (formally) obsolete. It is still our responsibility to ensure that it doesn't 
> gain new and insecure extensions in its old age.

I think you understand my statement but simply disagree with it. :-) I don't 
believe that is our responsibility, although we can certainly help prevent it 
if the extension writers ask us. If an extension writer creates an insecure 
extension, we can point that out, make fun of it on the mailing list and in the 
press, and so on; it is not our responsibility to prevent it for an obsolete 
protocol.

> The way we do it is through the normal IETF/RFC-Ed/IANA bureaucratic 
> processes.

Yes.

> Unlike Tero, I don't think people will be adding non-IETF extensions of this 
> sort to IKEv1. New crypto algorithms, maybe. But new authentication methods? 
> I'd be surprised.

We are often surprised.

> I'm fine with Tero's proposal to resolve this question in Paris.


I would rather hear much more before then, and maybe even come to agreement. If 
we need to have a voice discussion, we could have an open design team meeting 
related to this in a week or so.

--Paul Hoffman

_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec