Algorithms for Internet Key Exchange version 1 (IKEv1)
draft-hoffman-ikev1-algorithms-03

Yes

(Russ Housley)

No Objection

(Alex Zinin)
(Allison Mankin)
(Bert Wijnen)
(Bill Fenner)
(Jon Peterson)
(Margaret Cullen)
(Scott Hollenbeck)
(Thomas Narten)

Note: This ballot was opened for revision 03 and is now closed.

Harald Alvestrand Former IESG member
(was No Objection, Discuss) Yes
Yes (2005-01-03) Unknown
Reviewed by Mary Barnes, Gen-ART
I find that -03 addresses the concerns raised in the review.

Her review has been filed in the document log.

On Mary's comment about BCP - I think it's OK for this to be standards-track.

Russ Housley Former IESG member
Yes
Yes () Unknown

                            
Alex Zinin Former IESG member
No Objection
No Objection () Unknown

                            
Allison Mankin Former IESG member
No Objection
No Objection () Unknown

                            
Bert Wijnen Former IESG member
No Objection
No Objection () Unknown

                            
Bill Fenner Former IESG member
No Objection
No Objection () Unknown

                            
David Kessens Former IESG member
No Objection
No Objection (2004-12-15) Unknown
Comments received from the OPS directorate by Pekka Savola:

Good document.

Two minor editorial nits to improve the readability a bit.

   The other algorithms that were listed at MUST-level and SHOULD-level
   in RFC 2409 are now MAY-level.  This includes DES for encryption, MD5
   and Tiger for hashing, Diffie-Hellman MODP group 1, Diffie-Hellman
   MODP groups with elliptic curves, DSA for authentication with
   signatures, and RSA for authentication with encryption.

==> I'd split to a second paragraph around here, because I first
misread this text.

    DES for
   encryption, MD5 for hashing, Diffie-Hellman MODP group 1 are dropped
   to MAY due to cryptographic weakness.  Tiger for hashing,
   Diffie-Hellman MODP groups with elliptic curves, DSA for
   authentication with signatures, and RSA for authentication with
   encryption are dropped due to lack of any significant deployment and
   interoperability.

==> this does not explain why MD5 is dropped for _HMAC functions_ ?

Jon Peterson Former IESG member
No Objection
No Objection () Unknown

                            
Margaret Cullen Former IESG member
No Objection
No Objection () Unknown

                            
Sam Hartman Former IESG member
No Objection
No Objection (2004-12-16) Unknown
I agree an editing pass would help this document. I would have
preferred the use of the adjectives defined in 2199 (REQUIRED,
RECOMMENDED, OPTIONAL) rather than new adjectives (MUST-level) etc,
but this preference is not strong enough for a discuss.

Scott Hollenbeck Former IESG member
No Objection
No Objection () Unknown

                            
Ted Hardie Former IESG member
No Objection
No Objection (2004-12-14) Unknown
Nit in the Introduction:

This document updates RFC by changing the algorithm requirements
   defined there.

should be RFC 2409?

Thomas Narten Former IESG member
No Objection
No Objection () Unknown