Internet Key Exchange Protocol Version 2 (IKEv2)
draft-ietf-ipsecme-ikev2bis-11
Revision differences
Document history
Date | Rev. | By | Action |
---|---|---|---|
2012-08-22
|
11 | (System) | post-migration administrative database adjustment to the No Objection position for Dan Romascanu |
2012-08-22
|
11 | (System) | post-migration administrative database adjustment to the No Objection position for Alexey Melnikov |
2012-08-22
|
11 | (System) | post-migration administrative database adjustment to the No Objection position for Russ Housley |
2010-05-24
|
11 | (System) | IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor |
2010-05-24
|
11 | (System) | IANA Action state changed to Waiting on RFC Editor from In Progress |
2010-05-24
|
11 | (System) | IANA Action state changed to In Progress from Waiting on Authors |
2010-05-20
|
11 | (System) | IANA Action state changed to Waiting on Authors from In Progress |
2010-05-20
|
11 | Cindy Morgan | State Changes to RFC Ed Queue from Approved-announcement sent by Cindy Morgan |
2010-05-20
|
11 | (System) | IANA Action state changed to In Progress |
2010-05-20
|
11 | Cindy Morgan | IESG state changed to Approved-announcement sent |
2010-05-20
|
11 | Cindy Morgan | IESG has approved the document |
2010-05-20
|
11 | Cindy Morgan | Closed "Approve" ballot |
2010-05-18
|
11 | Alexey Melnikov | [Ballot Position Update] Position for Alexey Melnikov has been changed to No Objection from Discuss by Alexey Melnikov |
2010-05-17
|
11 | Russ Housley | [Ballot Position Update] Position for Russ Housley has been changed to No Objection from Discuss by Russ Housley |
2010-05-17
|
11 | (System) | Sub state has been changed to AD Follow up from New Id Needed |
2010-05-17
|
11 | (System) | New version available: draft-ietf-ipsecme-ikev2bis-11.txt |
2010-05-17
|
11 | Dan Romascanu | [Ballot Position Update] Position for Dan Romascanu has been changed to No Objection from Discuss by Dan Romascanu |
2010-05-14
|
11 | Tim Polk | [Ballot Position Update] New position, No Objection, has been recorded by Tim Polk |
2010-05-07
|
11 | (System) | Removed from agenda for telechat - 2010-05-06 |
2010-05-06
|
11 | Cindy Morgan | State Changes to IESG Evaluation::Revised ID Needed from IESG Evaluation by Cindy Morgan |
2010-05-06
|
11 | Russ Housley | [Ballot comment] Please consider the minor and editorial the Gen-ART Review by Elwyn Davies on 4 May 2010. |
2010-05-06
|
11 | Russ Housley | [Ballot discuss] The Gen-ART Review by Elwyn Davies on 4 May 2010 raised a question that deserves consideration. Elwyn said: > > … [Ballot discuss] The Gen-ART Review by Elwyn Davies on 4 May 2010 raised a question that deserves consideration. Elwyn said: > > s3.3.4: The draft states that the list of mandatory to implement > suites has been removed due to evolution going too fast. However > there are effectively some mandatory to implement suites; they are > listed in other documents. There should be a way of finding them > so that users and implmenters can find them easily. > Inclusion of a informative reference seems reasonable. There could be warning that the algorithm document is likely to be updated without a corresponding update to the protocol. The RFC index will tell the community when the algorithm document is revised. |
2010-05-06
|
11 | Ralph Droms | [Ballot Position Update] New position, No Objection, has been recorded by Ralph Droms |
2010-05-06
|
11 | Robert Sparks | [Ballot comment] 198.51.100.66 doesn't seem to reconcile with RFC3330? |
2010-05-06
|
11 | Robert Sparks | [Ballot Position Update] New position, No Objection, has been recorded by Robert Sparks |
2010-05-06
|
11 | Jari Arkko | [Ballot Position Update] New position, No Objection, has been recorded by Jari Arkko |
2010-05-06
|
11 | Adrian Farrel | [Ballot Position Update] New position, No Objection, has been recorded by Adrian Farrel |
2010-05-06
|
11 | Adrian Farrel | [Ballot comment] A fine piece of work, and I admire the way you have avoided paying the page-break tax. Amongst all the bogus reference warnings... … [Ballot comment] A fine piece of work, and I admire the way you have avoided paying the page-break tax. Amongst all the bogus reference warnings... Section 6 s/[IKEv2]/[IKEV2]/ |
2010-05-06
|
11 | Gonzalo Camarillo | [Ballot Position Update] New position, No Objection, has been recorded by Gonzalo Camarillo |
2010-05-06
|
11 | Dan Romascanu | [Ballot discuss] Before approving this document I would like to receive some clarifications about the compatibility of the implementations of RFC 4306 and of this … [Ballot discuss] Before approving this document I would like to receive some clarifications about the compatibility of the implementations of RFC 4306 and of this document when deployed in a network. All quoted text is in section 1.7: > The protocol described in this document retains the same major version number (2) and minor version number (0) as was used in RFC 4306. That is, the version number is *not* changed from RFC 4306. This translates for me to the fact that implementations of hosts supporting 4306 and this document can be freely mixed. However, the following changes could possibly lead to interoperability problems. This document removes the allowance for rejecting messages where the payloads were not in the "right" order; now implementations MUST NOT reject them. This is due to the lack of clarity where the orders for the payloads are described. Implementations of 4306 would still reject messages where the payloads were not in the "right" order. Would that not cause interoperabolity problems? In section 1.3.2, changed "The KEi payload SHOULD be included" to be "The KEi payload MUST be included". This also led to changes in section 2.18. Implementations of 4306 may still not include the KEi payload. Would that not cause interoperability problems? Section 2.18 requires doing a Diffie-Hellman exchange when rekeying the IKE_SA. In theory, RFC 4306 allowed a policy where the Diffie- Hellman exchange was optional, but this was not useful (or appropriate) when rekeying the IKE_SA. Implementations of 4306 may still not do a Diffie-Hellman exchange when rekeying based on policies allowed for that version. Would that not be an interoperability problem? |
2010-05-06
|
11 | Dan Romascanu | [Ballot Position Update] Position for Dan Romascanu has been changed to Discuss from No Objection by Dan Romascanu |
2010-05-06
|
11 | Dan Romascanu | [Ballot Position Update] New position, No Objection, has been recorded by Dan Romascanu |
2010-05-04
|
11 | Russ Housley | [Ballot comment] Please consider the minor and editorial the Gen-ART Review by Elwyn Davies on 4 May 2010. |
2010-05-04
|
11 | Russ Housley | [Ballot discuss] The Gen-ART Review by Elwyn Davies on 4 May 2010 raised a question that deserves consideration. Elwyn said: > > … [Ballot discuss] The Gen-ART Review by Elwyn Davies on 4 May 2010 raised a question that deserves consideration. Elwyn said: > > s3.3.4: The draft states that the list of mandatory to implement > suites has been removed due to evolution going too fast. However > there are effectively some mandatory to implement suites; they are > listed in other documents. There should be a way of finding them > so that users and implmenters can find them easily. > Inclusion of a normative reference seems reasonable. There could be warning that the algorithm document is likely to be updated without a corresponding update to the protocol. The RFC index will tell the community when the algorithm document is revised. |
2010-05-04
|
11 | Russ Housley | [Ballot Position Update] New position, Discuss, has been recorded by Russ Housley |
2010-05-04
|
11 | Samuel Weiler | Request for Last Call review by SECDIR Completed. Reviewer: Tom Yu. |
2010-05-02
|
11 | Alexey Melnikov | [Ballot discuss] This is trivial, but references to HTTP and URI specs should be Normative. |
2010-05-02
|
11 | Alexey Melnikov | [Ballot Position Update] New position, Discuss, has been recorded by Alexey Melnikov |
2010-04-14
|
11 | Sean Turner | Placed on agenda for telechat - 2010-05-06 by Sean Turner |
2010-04-14
|
11 | Sean Turner | State Changes to IESG Evaluation from Waiting for AD Go-Ahead by Sean Turner |
2010-04-14
|
11 | Sean Turner | [Note]: 'Yaron Sheffer (yaronf@checkpoint.com) is the document shepherd.' added by Sean Turner |
2010-04-14
|
11 | Sean Turner | [Ballot Position Update] New position, Yes, has been recorded for Sean Turner |
2010-04-14
|
11 | Sean Turner | Ballot has been issued by Sean Turner |
2010-04-14
|
11 | Sean Turner | Created "Approve" ballot |
2010-04-14
|
10 | (System) | New version available: draft-ietf-ipsecme-ikev2bis-10.txt |
2010-04-08
|
09 | (System) | New version available: draft-ietf-ipsecme-ikev2bis-09.txt |
2010-03-30
|
11 | Tim Polk | [Note]: 'Yaron Sheffer (yaronf@checkpoint.com) is the document shepherd.' added by Tim Polk |
2010-03-30
|
11 | Tim Polk | Responsible AD has been changed to Sean Turner from Tim Polk |
2010-03-18
|
11 | (System) | State has been changed to Waiting for AD Go-Ahead from In Last Call by system |
2010-03-17
|
11 | Amanda Baber | IANA questions/comments: - This document doesn't appear to contain all the information associated with the assignments defined by RFC4306. Would it be more appropriate … IANA questions/comments: - This document doesn't appear to contain all the information associated with the assignments defined by RFC4306. Would it be more appropriate to add this document as a reference, rather than replace the references? Upon approval of this document, IANA will do the following: Note that there is a question to the authors. See "QUESTION" below. ACTION 1: Make the following changes in "Internet Key Exchange Version 2 (IKEv2) Parameters" registry located at http://www.iana.org/assignments/ikev2-parameters , sub-registry "IKEv2 Configuration Payload Attribute Types" Value Attribute Type Multi-Valued Length Reference ----------- -------------------------- ------------ -------------- --------- OLD: 5 INTERNAL_ADDRESS_EXPIRY NO 0 or 4 octets [RFC4306] 11 INTERNAL_IP6_NBNS YES 0 or 16 octets [RFC4306] NEW: 5 Unassigned 11 Unassigned QUESTION: Should the removed values be tagged as "Unassigned" or "Reserved"? The latter would then garantee that value won't be reused for a future assignment. ACTION 2: Make the following assignments in "Internet Key Exchange Version 2 (IKEv2) Parameters" registry located at http://www.iana.org/assignments/ikev2-parameters , sub-registry "IKEv2 Notify Message Types - Error Types" Value NOTIFY MESSAGES - ERROR TYPES Reference ------------ -------------------------------- --------- TBA1 TEMPORARY_FAILURE [RFC-ipsecme-ikev2bis-08] TBA2 CHILD_SA_NOT_FOUND [RFC-ipsecme-ikev2bis-08] ACTION 3: Make the following change in "Internet Key Exchange Version 2 (IKEv2) Parameters" registry located at http://www.iana.org/assignments/ikev2-parameters , sub-registry "IKEv2 Payload Types" Value Next Payload Type Notation Reference -------- ------------------------------- --------- --------- OLD: 46 Encrypted E [RFC4306] NEW: 46 Encrypted and Authenticated SK [RFC-ipsecme-ikev2bis-08] ACTION 4: Make the following changes in "Internet Key Exchange Version 2 (IKEv2) Parameters" registry located at http://www.iana.org/assignments/ikev2-parameters Change all references of [RFC4306] to [RFC-ipsecme-ikev2bis-08] in all sub-registries. |
2010-03-06
|
11 | Samuel Weiler | Request for Last Call review by SECDIR is assigned to Tom Yu |
2010-03-06
|
11 | Samuel Weiler | Request for Last Call review by SECDIR is assigned to Tom Yu |
2010-03-04
|
11 | Cindy Morgan | Last call sent |
2010-03-04
|
11 | Cindy Morgan | State Changes to In Last Call from Last Call Requested by Cindy Morgan |
2010-03-04
|
11 | Cindy Morgan | Document write up for: draft-ietf-ipsecme-ikev2bis-08 (1.a) Who is the Document Shepherd for this document? Has the … Document write up for: draft-ietf-ipsecme-ikev2bis-08 (1.a) Who is the Document Shepherd for this document? Has the Document Shepherd personally reviewed this version of the document and, in particular, does he or she believe this version is ready for forwarding to the IESG for publication? Yaron Sheffer, co-chair of the IPsecME WG, is Shepherd for this document. I have reviewed this version and believe it is ready for publication. (1.b) Has the document had adequate review both from key WG members and from key non-WG members? Does the Document Shepherd have any concerns about the depth or breadth of the reviews that have been performed? The document is the core WG document, and has had a huge amount of review by many WG members. This is evidenced by over a hundred issues that were opened against this document - and closed by the WG. I have no concerns regarding the quality of review. (1.c) Does the Document Shepherd have concerns that the document needs more review from a particular or broader perspective, e.g., security, operational complexity, someone familiar with AAA, internationalization or XML? I am not aware of any particular additional community that needs to review this document. (1.d) Does the Document Shepherd have any specific concerns or issues with this document that the Responsible Area Director and/or the IESG should be aware of? For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it. In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here. Has an IPR disclosure related to this document been filed? If so, please include a reference to the disclosure and summarize the WG discussion and conclusion on this issue. I have no such concerns. (1.e) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it? There is solid consensus behind this document. (1.f) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarise the areas of conflict in separate email messages to the Responsible Area Director. (It should be in a separate email because this questionnaire is entered into the ID Tracker.) No extreme discontent. (1.g) Has the Document Shepherd personally verified that the document satisfies all ID nits? (See the Internet-Drafts Checklist and http://tools.ietf.org/tools/idnits/). Boilerplate checks are not enough; this check needs to be thorough. Has the document met all formal review criteria it needs to, such as the MIB Doctor, media type and URI type reviews? There are some "glitches" reported by the IDnits tool, I have verified each one and none of them is real. Otherwise, the document strictly abides by the checklist. (1.h) Has the document split its references into normative and informative? Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If such normative references exist, what is the strategy for their completion? Are there normative references that are downward references, as described in [RFC3967]? If so, list these downward references to support the Area Director in the Last Call procedure for them [RFC3967]. References are split. I have found this references to an Informational RFC: RFC 3447 (PKCS#1). (1.i) Has the Document Shepherd verified that the document IANA consideration section exists and is consistent with the body of the document? If the document specifies protocol extensions, are reservations requested in appropriate IANA registries? Are the IANA registries clearly identified? If the document creates a new registry, does it define the proposed initial contents of the registry and an allocation procedure for future registrations? Does it suggest a reasonable name for the new registry? See [RFC5226]. If the document describes an Expert Review process has Shepherd conferred with the Responsible Area Director so that the IESG can appoint the needed Expert during the IESG Evaluation? The document uses the established IANA IKEv2 infrastructure, with very slight changes which are well documented. Tero Kivinen is the appointed expert for IKEv2, and by induction, for IKEv2-bis. (1.j) Has the Document Shepherd verified that sections of the document that are written in a formal language, such as XML code, BNF rules, MIB definitions, etc., validate correctly in an automated checker? There are no such sections. (1.k) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up? Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections: Technical Summary Relevant content can frequently be found in the abstract and/or introduction of the document. If not, this may be an indication that there are deficiencies in the abstract or introduction. This document describes version 2 of the Internet Key Exchange (IKE) protocol. IKE is a component of IPsec used for performing mutual authentication and establishing and maintaining security associations (SAs). This document replaces and updates RFC 4306, and includes all of the clarifications from RFC 4718. Working Group Summary Was there anything in WG process that is worth noting? For example, was there controversy about particular points or were there decisions where the consensus was particularly rough? There were no notable issues with the WG process. There were the usual heated discussions, one of which had to be resolved by a design team. But the eventual result has a wide consensus. Document Quality Are there existing implementations of the protocol? Have a significant number of vendors indicated their plan to implement the specification? Are there any reviewers that merit special mention as having done a thorough review, e.g., one that resulted in important changes or a conclusion that the document had no substantive issues? If there was a MIB Doctor, Media Type or other expert review, what was its course (briefly)? In the case of a Media Type review, on what date was the request posted? There are multiple implementations of the IKEv2 protocol. Since this document essentially clarifies the protocol (with only a tiny amount of actual protocol changes), we expect all IPsec vendors to ensure that their implementation is in line with this document. |
2010-03-04
|
11 | Cindy Morgan | [Note]: 'Yaron Sheffer (yaronf@checkpoint.com) is the document shepherd.' added by Cindy Morgan |
2010-03-04
|
11 | Tim Polk | State Changes to Last Call Requested from Publication Requested by Tim Polk |
2010-03-04
|
11 | Tim Polk | Last Call was requested by Tim Polk |
2010-03-04
|
11 | (System) | Ballot writeup text was added |
2010-03-04
|
11 | (System) | Last call text was added |
2010-03-04
|
11 | (System) | Ballot approval text was added |
2010-03-04
|
11 | Tim Polk | Draft Added by Tim Polk in state Publication Requested |
2010-03-01
|
08 | (System) | New version available: draft-ietf-ipsecme-ikev2bis-08.txt |
2010-01-20
|
07 | (System) | New version available: draft-ietf-ipsecme-ikev2bis-07.txt |
2009-12-09
|
06 | (System) | New version available: draft-ietf-ipsecme-ikev2bis-06.txt |
2009-10-05
|
05 | (System) | New version available: draft-ietf-ipsecme-ikev2bis-05.txt |
2009-07-08
|
04 | (System) | New version available: draft-ietf-ipsecme-ikev2bis-04.txt |
2009-04-24
|
03 | (System) | New version available: draft-ietf-ipsecme-ikev2bis-03.txt |
2009-02-27
|
02 | (System) | New version available: draft-ietf-ipsecme-ikev2bis-02.txt |
2008-10-30
|
01 | (System) | New version available: draft-ietf-ipsecme-ikev2bis-01.txt |
2008-08-26
|
00 | (System) | New version available: draft-ietf-ipsecme-ikev2bis-00.txt |