Re: [IPsec] New Version Notification for draft-pwouters-ikev1-ipsec-graveyard-00.txt
Minor point, but Paul I really like "graveyard” better than “diediedie”.sptOn Mar 11, 2019, at 14:39, Paul Wouters wrote:As we discussed on the list and in Bangkok, we were going to submit adocument to deprecrate IKEv1 and various old skool algorithms usinga [DEPRECATED] column in the IANA registry.I wrote a first draft to do this...Paul-- Forwarded message -From: Date: Mon, Mar 11, 2019 at 2:35 PMSubject: New Version Notification for draft-pwouters-ikev1-ipsec-graveyard-00.txtTo: Paul Wouters A new version of I-D, draft-pwouters-ikev1-ipsec-graveyard-00.txthas been successfully submitted by Paul Wouters and posted to theIETF repository.Name: draft-pwouters-ikev1-ipsec-graveyardRevision: 00Title: Deprecation of IKEv1 and obsoleted algorithmsDocument date: 2019-03-11Group: Individual SubmissionPages: 6URL: https://www.ietf.org/internet-drafts/draft-pwouters-ikev1-ipsec-graveyard-00.txtStatus: https://datatracker.ietf.org/doc/draft-pwouters-ikev1-ipsec-graveyard/Htmlized: https://tools.ietf.org/html/draft-pwouters-ikev1-ipsec-graveyard-00Htmlized: https://datatracker.ietf.org/doc/html/draft-pwouters-ikev1-ipsec-graveyardAbstract: This document deprecates Internet Key Exchange version 1 (IKEv1) and additionally deprecates a number of algorithms that are obsolete.Please note that it may take a couple of minutes from the time of submissionuntil the htmlized version and diff are available at tools.ietf.org.The IETF Secretariat___IPsec mailing listIPsec@ietf.orghttps://www.ietf.org/mailman/listinfo/ipsec ___ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
Re: [IPsec] New Version Notification for draft-pwouters-ikev1-ipsec-graveyard-00.txt
Minor point, but Paul I really like "graveyard” better than “diediedie”. spt > On Mar 11, 2019, at 14:39, Paul Wouters wrote: > > > As we discussed on the list and in Bangkok, we were going to submit a > document to deprecrate IKEv1 and various old skool algorithms using > a [DEPRECATED] column in the IANA registry. > > I wrote a first draft to do this... > > Paul > > -- Forwarded message - > From: > Date: Mon, Mar 11, 2019 at 2:35 PM > Subject: New Version Notification for > draft-pwouters-ikev1-ipsec-graveyard-00.txt > To: Paul Wouters > > > > A new version of I-D, draft-pwouters-ikev1-ipsec-graveyard-00.txt > has been successfully submitted by Paul Wouters and posted to the > IETF repository. > > Name: draft-pwouters-ikev1-ipsec-graveyard > Revision: 00 > Title: Deprecation of IKEv1 and obsoleted algorithms > Document date: 2019-03-11 > Group: Individual Submission > Pages: 6 > URL: > https://www.ietf.org/internet-drafts/draft-pwouters-ikev1-ipsec-graveyard-00.txt > Status: > https://datatracker.ietf.org/doc/draft-pwouters-ikev1-ipsec-graveyard/ > Htmlized: > https://tools.ietf.org/html/draft-pwouters-ikev1-ipsec-graveyard-00 > Htmlized: > https://datatracker.ietf.org/doc/html/draft-pwouters-ikev1-ipsec-graveyard > > > Abstract: >This document deprecates Internet Key Exchange version 1 (IKEv1) and >additionally deprecates a number of algorithms that are obsolete. > > > > > Please note that it may take a couple of minutes from the time of submission > until the htmlized version and diff are available at tools.ietf.org. > > The IETF Secretariat > > > ___ > IPsec mailing list > IPsec@ietf.org > https://www.ietf.org/mailman/listinfo/ipsec ___ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
Re: [IPsec] New Version Notification for draft-pwouters-ikev1-ipsec-graveyard-00.txt
On Tue, 12 Mar 2019, Tommy Pauly wrote: Thanks for writing this up! Glad to get rid of IKEv1 =) We just need PPK and Labeled IPsec as RFC and then we are go :) I do have a question regarding whether the deprecations for the IKEv2 registry are appropriate for this document. RFC 8247 contains the recommendations for the which algorithms and DH groups are going away (SHOULD NOT, MUST NOT, etc), and it seems like an update to that document or similar would be more appropriate to discuss marking deprecation. I might have misunderstood Tero, but this what we said before: Paul: > I'm happy to write a separate diediedie document, but it would sort of Paul: > break the cycle of our IKE and ESP/AH document updates? Tero: Writing separate die-die-die document would be faster, and I do not Tero: think we have yet any pending changes for the algorithms we have in Tero: 8221 and 8247 waiting to be done. While it should update 8221/8247 (I'll add it for the next revision), I think Tero is right that this isn't the regular cycle of algorithm update using bis documents. It would be a bit overkill to already replace those two documents, especially because the "diff" would really not be very informative, because it would only show what are currently MAY algorithms that are not shown in 8221/8247 at all because they didn't change. And since we are not changing anything else, we wouldn't show anything else in the columns. So I think doing this "out of series" is a better solution. But I didn't instruct IANA to put [this document] in the ESP and IKEv2 reference columns for those algorithms, which we should do as well as adding the DEPRECATED column [insert Tero sitting at a table with "An extra column is wrong - CHANGE MY MIND"] poster. Paul ___ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
Re: [IPsec] New Version Notification for draft-pwouters-ikev1-ipsec-graveyard-00.txt
Thanks for writing this up! Glad to get rid of IKEv1 =) I do have a question regarding whether the deprecations for the IKEv2 registry are appropriate for this document. RFC 8247 contains the recommendations for the which algorithms and DH groups are going away (SHOULD NOT, MUST NOT, etc), and it seems like an update to that document or similar would be more appropriate to discuss marking deprecation. Best, Tommy > On Mar 11, 2019, at 11:39 AM, Paul Wouters wrote: > > > As we discussed on the list and in Bangkok, we were going to submit a > document to deprecrate IKEv1 and various old skool algorithms using > a [DEPRECATED] column in the IANA registry. > > I wrote a first draft to do this... > > Paul > > -- Forwarded message - > From: > Date: Mon, Mar 11, 2019 at 2:35 PM > Subject: New Version Notification for > draft-pwouters-ikev1-ipsec-graveyard-00.txt > To: Paul Wouters > > > > A new version of I-D, draft-pwouters-ikev1-ipsec-graveyard-00.txt > has been successfully submitted by Paul Wouters and posted to the > IETF repository. > > Name: draft-pwouters-ikev1-ipsec-graveyard > Revision: 00 > Title: Deprecation of IKEv1 and obsoleted algorithms > Document date: 2019-03-11 > Group: Individual Submission > Pages: 6 > URL: > https://www.ietf.org/internet-drafts/draft-pwouters-ikev1-ipsec-graveyard-00.txt > Status: > https://datatracker.ietf.org/doc/draft-pwouters-ikev1-ipsec-graveyard/ > Htmlized: > https://tools.ietf.org/html/draft-pwouters-ikev1-ipsec-graveyard-00 > Htmlized: > https://datatracker.ietf.org/doc/html/draft-pwouters-ikev1-ipsec-graveyard > > > Abstract: >This document deprecates Internet Key Exchange version 1 (IKEv1) and >additionally deprecates a number of algorithms that are obsolete. > > > > > Please note that it may take a couple of minutes from the time of submission > until the htmlized version and diff are available at tools.ietf.org. > > The IETF Secretariat > > > ___ > IPsec mailing list > IPsec@ietf.org > https://www.ietf.org/mailman/listinfo/ipsec ___ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
