On Tue, 12 Mar 2019, Tommy Pauly wrote:
Thanks for writing this up! Glad to get rid of IKEv1 =)
We just need PPK and Labeled IPsec as RFC and then we are go :)
I do have a question regarding whether the deprecations for the IKEv2 registry are appropriate for this document. RFC 8247 contains the recommendations for the which algorithms and DH groups are going away (SHOULD NOT, MUST NOT, etc), and it seems like an update to that document or similar would be more appropriate to discuss marking deprecation.
I might have misunderstood Tero, but this what we said before: Paul: > I'm happy to write a separate diediedie document, but it would sort of Paul: > break the cycle of our IKE and ESP/AH document updates? Tero: Writing separate die-die-die document would be faster, and I do not Tero: think we have yet any pending changes for the algorithms we have in Tero: 8221 and 8247 waiting to be done. While it should update 8221/8247 (I'll add it for the next revision), I think Tero is right that this isn't the regular cycle of algorithm update using bis documents. It would be a bit overkill to already replace those two documents, especially because the "diff" would really not be very informative, because it would only show what are currently MAY algorithms that are not shown in 8221/8247 at all because they didn't change. And since we are not changing anything else, we wouldn't show anything else in the columns. So I think doing this "out of series" is a better solution. But I didn't instruct IANA to put [this document] in the ESP and IKEv2 reference columns for those algorithms, which we should do as well as adding the DEPRECATED column [insert Tero sitting at a table with "An extra column is wrong - CHANGE MY MIND"] poster. Paul _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
