Algorithms for Internet Key Exchange version 1 (IKEv1)
draft-hoffman-ikev1-algorithms-03
Document history
Date | Rev. | By | Action |
---|---|---|---|
2012-08-22 | 03 | (System) | post-migration administrative database adjustment to the Yes position for Harald Alvestrand |
2005-01-04 | 03 | Amy Vezza | State Changes to RFC Ed Queue from Approved-announcement sent by Amy Vezza |
2005-01-03 | 03 | Amy Vezza | IESG state changed to Approved-announcement sent |
2005-01-03 | 03 | Amy Vezza | IESG has approved the document |
2005-01-03 | 03 | Amy Vezza | Closed "Approve" ballot |
2005-01-03 | 03 | Amy Vezza | State Changes to Approved-announcement to be sent from IESG Evaluation::AD Followup by Amy Vezza |
2005-01-03 | 03 | Harald Alvestrand | [Ballot Position Update] Position for Harald Alvestrand has been changed to Yes from No Objection by Harald Alvestrand |
2005-01-03 | 03 | Harald Alvestrand | [Ballot comment] Reviewed by Mary Barnes, Gen-ART. I find that -03 addresses the concerns raised in the review. Her review has been filed in the document log. On Mary's comment about BCP - I think it's OK for this to be standards-track. |
2005-01-03 | 03 | Harald Alvestrand | [Ballot Position Update] Position for Harald Alvestrand has been changed to No Objection from Discuss by Harald Alvestrand |
2004-12-20 | 03 | (System) | Sub state has been changed to AD Follow up from New Id Needed |
2004-12-20 | 03 | (System) | New version available: draft-hoffman-ikev1-algorithms-03.txt |
2004-12-17 | 03 | Amy Vezza | State Changes to IESG Evaluation::Revised ID Needed from IESG Evaluation by Amy Vezza |
2004-12-16 | 03 | Thomas Narten | [Ballot Position Update] New position, No Objection, has been recorded for Thomas Narten by Thomas Narten |
2004-12-16 | 03 | Sam Hartman | [Ballot comment] I agree an editing pass would help this document. I would have preferred the use of the adjectives defined in 2199 (REQUIRED, RECOMMENDED, OPTIONAL) rather than new adjectives (MUST-level) etc, but this preference is not strong enough for a discuss. |
2004-12-16 | 03 | Sam Hartman | [Ballot Position Update] New position, No Objection, has been recorded for Sam Hartman by Sam Hartman |
2004-12-16 | 03 | Bill Fenner | [Ballot Position Update] New position, No Objection, has been recorded for Bill Fenner by Bill Fenner |
2004-12-16 | 03 | Alex Zinin | [Ballot Position Update] New position, No Objection, has been recorded for Alex Zinin by Alex Zinin |
2004-12-16 | 03 | Harald Alvestrand | [Ballot comment] Reviewed by Mary Barnes, Gen-ART. Her review has been filed in the document log. On Mary's comment about BCP - I think it's OK for this to be standards-track. Query: Should there be mention of a revised version of this at some date in the future changing AES to a MUST? (echoes of the SHOULD+ language from another document) |
2004-12-16 | 03 | Harald Alvestrand | [Ballot discuss] Mary Barnes' review (added as doc comment) identified several unclear points. I think most of the problems can be fixed with an editing pass. I also think that the table of "old" and "new" requirements that Mary gave should be added to the document - it makes it MUCH clearer what has been changed. |
2004-12-16 | 03 | Harald Alvestrand | [Ballot discuss] Mary Barnes' review (added as doc comment) identified several unclear points. I think most of the problems can be fixed with an editing pass. I also think that the table of "old" and "new" requirements that Mary gave should be added to the document - it makes it MUCH clearer what has been changed. On Mary's comment about BCP - I think it's OK for this to be standards-track. Should there be mention of a revised version of this at some date in the future changing AES to a MUST? (echoes of the SHOULD+ language from another document) |
2004-12-16 | 03 | Harald Alvestrand | [Ballot Position Update] New position, Discuss, has been recorded for Harald Alvestrand by Harald Alvestrand |
2004-12-16 | 03 | Harald Alvestrand | Review by Mary Barnes, Gen-ART (complete text) Summary: -------- Draft needs some work prior to approval. Also, I'm a bit confused about this draft updating RFC 2409, rather than obsoleting, as it does more than augment 2409 with new algorithms (although, per the detailed comments, it's unclear as to exactly what is changed from RFC 2409). Wouldn't this document be more appropriately a BCP on recommended algorithms since IKEv2 is already planned to obsolete 2409? Detailed comments: ------------------ - Abstract: the current wording is quite unclear. I would suggest changing from: " The required and suggested algorithms in the original IKEv1 specification does not reflect the current reality of IPsec market. It requires allowing weak security and suggests algorithms that are thinly implemented. This document updates RFC 2409, the original specification, and is intended for all IKEv1 implementations deployed today." to: " The required and suggested algorithms in the original IKEv1 specification do not reflect the current reality of the IPsec market requirements. The original specification allows weak security and suggests algorithms that are thinly implemented. This document updates RFC 2409, the original specification, and is intended for all IKEv1 implementations deployed today." - Introduction, page 2: "This document updates RFC by changing..." should be "This document updates RFC 2409 by changing...." (or it should refer to "the RFC"). - Section 3: "Pre-shared secrets" and "SHA-1" as MUSTs aren't new requirements as indicated by that first sentence. So, perhaps it should be spelled out separately that the only requirement(s) that haven't changed from those listed in section 2 are "pre-shared secrets" and "SHA-1". - Section 3: The paragraph beyond the bulleted list isn't very clear at all (and may have some errors). It first lists the following MUSTs and SHOULDs as having changed to MAYs due to cryptographic weakness: " The other algorithms that were listed at MUST-level and SHOULD-level in RFC 2409 are now MAY-level. This includes DES for encryption, MD5 and Tiger for hashing, Diffie-Hellman MODP group 1, Diffie-Hellman MODP groups with elliptic curves, DSA for authentication with signatures, and RSA for authentication with encryption." But, then several of those are stated to have been "dropped due to lack of any significant deployment" later in that paragraph. " Tiger for hashing, Diffie-Hellman MODP groups with elliptic curves, DSA for authentication with signatures, and RSA for authentication with encryption are dropped due to lack of any significant deployment and interoperability." Should this not read "...dropped to MAY due to..." or has their support really been dropped altogether? If the latter is true, then there is an error and these shouldn't be listed in that 2nd paragraph in section 3 (and I think that also substantiates the perspective that this draft obsoletes rather than updates RFC 2409). However, I think the former was intended; in which case, I think that paragraph would read much more clearly to just list separately those that have been dropped to MAY for cryptographic weaknesses and those that have been dropped to MAY due to lack of significant deployment. One final suggestion I would make to improve this document would be to add a summary table to augment the text (I had to draw this out myself to understand what the changes were). Listing all the algorithms in the 1st column, with old and new in the 2nd and 3rd columns, something like the following: Algorithm RFC 2409 Recommended -------------------------------------------------------------- DES for encryption MUST MAY (cryptographic weakness) MD5/SHA-1 for hashing MUST MAY (MD5) MUST (SHA-1) Pre-shared secrets MUST MUST ..... Diffie-Hellman MODP groups MAY/ MAY w/elliptic curves SHOULD AES-128 in CBC RFC 3602 SHOULD Diffie-Hellman MODP RFC 3526 SHOULD group 14 |
2004-12-16 | 03 | Bert Wijnen | [Ballot Position Update] New position, No Objection, has been recorded for Bert Wijnen by Bert Wijnen |
2004-12-16 | 03 | Michelle Cotton | IANA Comments: We understand this document to have no IANA Actions. |
2004-12-16 | 03 | Jon Peterson | [Ballot Position Update] New position, No Objection, has been recorded for Jon Peterson by Jon Peterson |
2004-12-15 | 03 | Margaret Cullen | [Ballot Position Update] New position, No Objection, has been recorded for Margaret Wasserman by Margaret Wasserman |
2004-12-15 | 03 | David Kessens | [Ballot comment] Comments received from the OPS directorate by Pekka Savola: Good document. Two minor editorial nits to improve the readability a bit. The other algorithms that were listed at MUST-level and SHOULD-level in RFC 2409 are now MAY-level. This includes DES for encryption, MD5 and Tiger for hashing, Diffie-Hellman MODP group 1, Diffie-Hellman MODP groups with elliptic curves, DSA for authentication with signatures, and RSA for authentication with encryption. ==> I'd split to a second paragraph around here, because I first misread this text. DES for encryption, MD5 for hashing, Diffie-Hellman MODP group 1 are dropped to MAY due to cryptographic weakness. Tiger for hashing, Diffie-Hellman MODP groups with elliptic curves, DSA for authentication with signatures, and RSA for authentication with encryption are dropped due to lack of any significant deployment and interoperability. ==> this does not explain why MD5 is dropped for _HMAC functions_ ? |
2004-12-15 | 03 | David Kessens | [Ballot Position Update] New position, No Objection, has been recorded for David Kessens by David Kessens |
2004-12-14 | 03 | Ted Hardie | [Ballot Position Update] Position for Ted Hardie has been changed to No Objection from Undefined by Ted Hardie |
2004-12-14 | 03 | Ted Hardie | [Ballot comment] Nit in the Introduction: This document updates RFC by changing the algorithm requirements defined there. should be RFC 2409? |
2004-12-14 | 03 | Ted Hardie | [Ballot Position Update] New position, Undefined, has been recorded for Ted Hardie by Ted Hardie |
2004-12-14 | 03 | Allison Mankin | [Ballot Position Update] New position, No Objection, has been recorded for Allison Mankin by Allison Mankin |
2004-11-29 | 03 | Scott Hollenbeck | [Ballot Position Update] New position, No Objection, has been recorded for Scott Hollenbeck by Scott Hollenbeck |
2004-11-28 | 03 | Russ Housley | Telechat date was changed to 2004-12-16 from by Russ Housley |
2004-11-28 | 03 | Russ Housley | [Ballot Position Update] New position, Yes, has been recorded for Russ Housley |
2004-11-28 | 03 | Russ Housley | Ballot has been issued by Russ Housley |
2004-11-28 | 03 | Russ Housley | Created "Approve" ballot |
2004-11-28 | 03 | Russ Housley | Placed on agenda for telechat - 2004-12-16 by Russ Housley |
2004-11-28 | 03 | Russ Housley | State Changes to IESG Evaluation from Waiting for AD Go-Ahead by Russ Housley |
2004-11-23 | 02 | (System) | New version available: draft-hoffman-ikev1-algorithms-02.txt |
2004-11-22 | 03 | (System) | State has been changed to Waiting for AD Go-Ahead from In Last Call by system |
2004-10-25 | 03 | Amy Vezza | Last call sent |
2004-10-25 | 03 | Amy Vezza | State Changes to In Last Call from Last Call Requested by Amy Vezza |
2004-10-22 | 03 | Russ Housley | Last Call was requested by Russ Housley |
2004-10-22 | 03 | Russ Housley | State Changes to Last Call Requested from AD Evaluation by Russ Housley |
2004-10-22 | 03 | (System) | Ballot writeup text was added |
2004-10-22 | 03 | (System) | Last call text was added |
2004-10-22 | 03 | (System) | Ballot approval text was added |
2004-10-22 | 03 | Russ Housley | State Changes to AD Evaluation from Publication Requested by Russ Housley |
2004-10-22 | 03 | Russ Housley | Draft Added by Russ Housley in state Publication Requested |
2004-10-20 | 01 | (System) | New version available: draft-hoffman-ikev1-algorithms-01.txt |
2004-09-29 | 00 | (System) | New version available: draft-hoffman-ikev1-algorithms-00.txt |