Yaron Sheffer writes:
> IIRC we published RFC 5903 using the old code points because there was
> no objection, i.e. no indication that people had deployed pre-errata
> 4753. Whether this was the right thing to do or not is not very
> interesting now.

There was very strong objection, at least from me.

http://www.ietf.org/mail-archive/web/ipsec/current/msg05445.html

And as I pointed out at that time, our code for example was changed to use pre-errata 4753 because other implementor complained that we did things wrong, so our toolkits are using either pre-errata or post-errata 4753 depending on the version (very old ones use post-errata, then several years for pre-errata, and then again post-errata). This was discussed in the email.

As an IANA expert I said we are going to allocate new numbers for this, but area directors were against this and they managed to talk me out of it (unfortunately, I still think it would have been much better to allocate new numbers).

The only comment on why to keep the original numbers was that there was ONE implementation out there that used them, and that implementation would never get updated to include new numbers if we allocated them. I myself considered this a very weak reason, but other people had different opinions. BTW most of this discussion happened face-to-face, not in the mailing list.

I did point out at that time that this will mean that those ECP groups cannot get wide use as people cannot enable them unless they are using exactly the same version of IPsec in all of their devices, and I have been recommending to our customers to stay away from these groups.

> So, seeing that people are slowly moving to ECC, I would like some input
> from the group on whether to progress RFC 5903. We will need to
> demonstrate implementation experience to do that.

I am against RFC5903 going forward as we KNOW there are known implementation issues with the groups defined there, and those problems manifest by just causing timeouts during the IKE_AUTH exchange, i.e. there is no proper way to do good fallback.
-- 
[email protected]
