Cryptographic Suites for IPsec
RFC 4308
Revision differences
Document history
| Date | Rev. | By | Action |
|---|---|---|---|
|
2020-01-21
|
06 | (System) | Received changes through RFC Editor sync (added Verified Errata tag) |
|
2012-08-22
|
06 | (System) | post-migration administrative database adjustment to the No Objection position for Thomas Narten |
|
2012-08-22
|
06 | (System) | post-migration administrative database adjustment to the Yes position for Russ Housley |
|
2005-12-27
|
06 | (System) | This was part of a ballot set with: draft-ietf-ipsec-ikev2-algorithms |
|
2005-12-27
|
06 | Amy Vezza | State Changes to RFC Published from RFC Ed Queue by Amy Vezza |
|
2005-12-27
|
06 | Amy Vezza | [Note]: 'RFC 4308' added by Amy Vezza |
|
2005-12-22
|
06 | (System) | RFC published |
|
2004-09-27
|
06 | Amy Vezza | State Changes to RFC Ed Queue from Approved-announcement sent by Amy Vezza |
|
2004-09-23
|
06 | Amy Vezza | IESG state changed to Approved-announcement sent |
|
2004-09-23
|
06 | Amy Vezza | IESG has approved the document |
|
2004-09-23
|
06 | Amy Vezza | Closed "Approve" ballot |
|
2004-09-22
|
06 | Russ Housley | State Changes to Approved-announcement to be sent from Approved-announcement to be sent::AD Followup by Russ Housley |
|
2004-04-22
|
06 | Russ Housley | State Changes to Approved-announcement to be sent::AD Followup from IESG Evaluation::Revised ID Needed by Russ Housley |
|
2004-04-22
|
06 | Thomas Narten | [Ballot Position Update] Position for Thomas Narten has been changed to No Objection from Discuss by Thomas Narten |
|
2004-04-21
|
06 | Russ Housley | [Ballot Position Update] Position for Russ Housley has been changed to Yes from Discuss by Russ Housley |
|
2004-04-20
|
06 | Russ Housley | State Changes to IESG Evaluation::Revised ID Needed from IESG Evaluation::AD Followup by Russ Housley |
|
2004-04-14
|
06 | (System) | New version available: draft-ietf-ipsec-ui-suites-06.txt |
|
2004-04-12
|
05 | (System) | New version available: draft-ietf-ipsec-ui-suites-05.txt |
|
2004-04-08
|
06 | Russ Housley | [Ballot discuss] In section 4.1.1, please change 3DES-CBC to a MUST-. In section 4.1.2, please change MODP group 2 to a MUST-. In section 4.1.3, … [Ballot discuss] In section 4.1.1, please change 3DES-CBC to a MUST-. In section 4.1.2, please change MODP group 2 to a MUST-. In section 4.1.3, please change ENCR_3DES to a MUST-. |
|
2004-04-08
|
06 | Russ Housley | [Ballot Position Update] Position for Russ Housley has been changed to Discuss from Yes by Russ Housley |
|
2004-04-05
|
06 | Thomas Narten | [Ballot comment] In draft-ietf-ipsec-ikev2-algorithms-04.txt The scope of this document could be a bit clearer, i.e, that the transforms are about IKE, and not IPsec. Rewording … [Ballot comment] In draft-ietf-ipsec-ikev2-algorithms-04.txt The scope of this document could be a bit clearer, i.e, that the transforms are about IKE, and not IPsec. Rewording suggestion. Change: > The Internet Key Exchange protocol provides for the negotiation of > cryptographic algorithms between both end points of a cryptographic > association. Different implementations of IPSec and IKE may provide > different algorithms. However the IETF desires that all implementations > should have some way to interoperate. This requires that some set of > algorithms be specified as "mandatory to implement." To something like: The Internet Key Exchange protocol provides for the negotiation of cryptographic algorithms between both end points of a cryptographic association. Different implementations of IPSec and IKE may provide different algorithms. However the IETF desires that all implementations should have some way to interoperate. In particular, this requires that IKE define a set of mandatory-to-implement algorithms, since IKE itself uses such algorithms as part of its own negotiations. This requires that some set of algorithms be specified as "mandatory to implement" for IKE. > Exchange (IKE [RFC2409] and IKEv2 [IKEv2]) provide a mechanism to > negotiate which algorithms should be used in any even association. what does "in any even association" mean? > is necessary to specify a set of mandatory to implement algorithms to mandatory-to-implement (multiple places) > available. This document defines the current set of mandatory to > implement algorithms for use of IKEv2 as well as specifying algorithms > that should be implemented because they made be promoted to mandatory > at some future time. what does it mean "for use of"? to allow IKEv2 itself to negotiate phase II? Suggested reword: This document defines the current set of algorithms that are mandatory to implement as part of IKEv2, as well as algorithms that should be implemented because they may be promoted to mandatory at some future time. > There are several MODP groups that are defined for use in IKEv2. They expand/define MODP? |
|
2004-04-05
|
06 | Thomas Narten | [Ballot comment] The scope of this document could be a bit clearer, i.e, that the transforms are about IKE, and not IPsec. Rewording suggestion. Change: … [Ballot comment] The scope of this document could be a bit clearer, i.e, that the transforms are about IKE, and not IPsec. Rewording suggestion. Change: > The Internet Key Exchange protocol provides for the negotiation of > cryptographic algorithms between both end points of a cryptographic > association. Different implementations of IPSec and IKE may provide > different algorithms. However the IETF desires that all implementations > should have some way to interoperate. This requires that some set of > algorithms be specified as "mandatory to implement." To something like: The Internet Key Exchange protocol provides for the negotiation of cryptographic algorithms between both end points of a cryptographic association. Different implementations of IPSec and IKE may provide different algorithms. However the IETF desires that all implementations should have some way to interoperate. In particular, this requires that IKE define a set of mandatory-to-implement algorithms, since IKE itself uses such algorithms as part of its own negotiations. This requires that some set of algorithms be specified as "mandatory to implement" for IKE. > Exchange (IKE [RFC2409] and IKEv2 [IKEv2]) provide a mechanism to > negotiate which algorithms should be used in any even association. what does "in any even association" mean? > is necessary to specify a set of mandatory to implement algorithms to mandatory-to-implement (multiple places) > available. This document defines the current set of mandatory to > implement algorithms for use of IKEv2 as well as specifying algorithms > that should be implemented because they made be promoted to mandatory > at some future time. what does it mean "for use of"? to allow IKEv2 itself to negotiate phase II? Suggested reword: This document defines the current set of algorithms that are mandatory to implement as part of IKEv2, as well as algorithms that should be implemented because they may be promoted to mandatory at some future time. > There are several MODP groups that are defined for use in IKEv2. They expand/define MODP? |
|
2004-04-05
|
06 | Thomas Narten | [Ballot discuss] In: - draft-ietf-ipsec-ui-suites-04.txt Cryptographic Suites for IPsec (Proposed Standard) > A. IANA Considerations > > IANA will create a … [Ballot discuss] In: - draft-ietf-ipsec-ui-suites-04.txt Cryptographic Suites for IPsec (Proposed Standard) > A. IANA Considerations > > IANA will create a registry of strings used to identify cryptographic > suites for IPsec. The entries in the registry will consist of a string > and the RFC that defines the string. > > The initial values for the new registry are: > > Identifier Defined in > VPN-A RFC [this document] > VPN-B RFC [this document] IANA considerations needs to be clearer. Something like the following would be more clear: IANA is asked to create and maintain a registry entitled "IPsec Cryptographic Suites". The registry consists of a string [XXX: does it have any syntax or can it be literally anything??] and an RFC number defining the associated transforms. New entries can be added to the registry only through RFC publication [XXX: is there any review required? Can anyone publishing any RFC ask to be listed?] The initial values for the new registry are: Identifier Defined in VPN-A RFC [this document] VPN-B RFC [this document] |
|
2004-04-05
|
06 | Thomas Narten | [Ballot discuss] > A. IANA Considerations > > IANA will create a registry of strings used to identify cryptographic > suites for IPsec. The entries … [Ballot discuss] > A. IANA Considerations > > IANA will create a registry of strings used to identify cryptographic > suites for IPsec. The entries in the registry will consist of a string > and the RFC that defines the string. > > The initial values for the new registry are: > > Identifier Defined in > VPN-A RFC [this document] > VPN-B RFC [this document] IANA considerations needs to be clearer. Something like the following would be more clear: IANA is asked to create and maintain a registry entitled "IPsec Cryptographic Suites". The registry consists of a string [XXX: does it have any syntax or can it be literally anything??] and an RFC number defining the associated transforms. New entries can be added to the registry only through RFC publication [XXX: is there any review required? Can anyone publishing any RFC ask to be listed?] The initial values for the new registry are: Identifier Defined in VPN-A RFC [this document] VPN-B RFC [this document] |
|
2004-04-05
|
06 | Thomas Narten | [Ballot Position Update] New position, Discuss, has been recorded for Thomas Narten by Thomas Narten |
|
2004-04-02
|
06 | Amy Vezza | State Changes to IESG Evaluation::AD Followup from IESG Evaluation by Amy Vezza |
|
2004-04-02
|
06 | Amy Vezza | [Ballot Position Update] New position, No Objection, has been recorded for Margaret Wasserman by Amy Vezza |
|
2004-04-02
|
06 | Bill Fenner | [Ballot Position Update] New position, No Objection, has been recorded for Bill Fenner by Bill Fenner |
|
2004-04-02
|
06 | Allison Mankin | [Ballot Position Update] New position, No Objection, has been recorded for Allison Mankin by Allison Mankin |
|
2004-04-02
|
06 | Bert Wijnen | [Ballot Position Update] New position, No Objection, has been recorded for Bert Wijnen by Bert Wijnen |
|
2004-04-02
|
06 | Jon Peterson | [Ballot Position Update] Position for Jon Peterson has been changed to Yes from Undefined by Jon Peterson |
|
2004-04-02
|
06 | Jon Peterson | [Ballot Position Update] New position, Undefined, has been recorded for Jon Peterson by Jon Peterson |
|
2004-04-01
|
06 | David Kessens | [Ballot Position Update] New position, No Objection, has been recorded for David Kessens by David Kessens |
|
2004-04-01
|
06 | Alex Zinin | [Ballot Position Update] New position, No Objection, has been recorded for Alex Zinin by Alex Zinin |
|
2004-04-01
|
06 | Harald Alvestrand | [Ballot comment] draft-ietf-ipsec-ui-suites was reviewed by John Loughney, Gen-ART. He pointed out that this document does NOT define an IANA registry for suite names, and … [Ballot comment] draft-ietf-ipsec-ui-suites was reviewed by John Loughney, Gen-ART. He pointed out that this document does NOT define an IANA registry for suite names, and that it's extremely unclear how (or if) suite names should be "registered" in the future. Given the amount of "reservation" of the strings "VPN-A" and "VPN-B" the document tries to do, that's odd. Complete review entered as a document comment. |
|
2004-04-01
|
06 | Harald Alvestrand | [Ballot Position Update] New position, No Objection, has been recorded for Harald Alvestrand by Harald Alvestrand |
|
2004-03-29
|
06 | Ted Hardie | [Ballot Position Update] Position for Ted Hardie has been changed to No Objection from Undefined by Ted Hardie |
|
2004-03-29
|
06 | Ted Hardie | [Ballot Position Update] New position, Undefined, has been recorded for Ted Hardie by Ted Hardie |
|
2004-03-25
|
06 | Steven Bellovin | [Ballot Position Update] New position, Yes, has been recorded for Steve Bellovin by Steve Bellovin |
|
2004-03-25
|
06 | Scott Hollenbeck | [Ballot comment] I would suggest expanding the UI acronym on first use in draft-ietf-ipsec-ui-suites. |
|
2004-03-25
|
06 | (System) | Ballot has been issued |
|
2004-03-25
|
06 | Scott Hollenbeck | [Ballot Position Update] New position, No Objection, has been recorded for Scott Hollenbeck by Scott Hollenbeck |
|
2004-03-25
|
06 | Scott Hollenbeck | Created "Approve" ballot |
|
2004-03-23
|
06 | Russ Housley | State Changes to IESG Evaluation from Waiting for AD Go-Ahead by Russ Housley |
|
2004-03-23
|
06 | Russ Housley | Telechat date was changed to 2004-04-02 from by Russ Housley |
|
2004-03-23
|
06 | Russ Housley | Merged with draft-ietf-ipsec-ikev2-algorithms by Russ Housley |
|
2004-03-23
|
06 | Russ Housley | Merged with draft-ietf-ipsec-ikev2-algorithms by Russ Housley |
|
2004-03-23
|
06 | Russ Housley | Merged with draft-ietf-ipsec-ikev2-algorithms by Russ Housley |
|
2004-03-22
|
06 | Russ Housley | State Changes to Waiting for AD Go-Ahead from In Last Call by Russ Housley |
|
2004-02-27
|
06 | Amy Vezza | Last call sent |
|
2004-02-27
|
06 | Amy Vezza | State Changes to In Last Call from Last Call Requested by Amy Vezza |
|
2004-02-27
|
06 | Russ Housley | State Changes to Last Call Requested from AD Evaluation by Russ Housley |
|
2004-02-27
|
06 | Russ Housley | Last Call was requested by Russ Housley |
|
2004-02-27
|
06 | (System) | Ballot writeup text was added |
|
2004-02-27
|
06 | (System) | Last call text was added |
|
2004-02-27
|
06 | (System) | Ballot approval text was added |
|
2003-12-17
|
06 | Russ Housley | State Changes to AD Evaluation from Publication Requested by Russ Housley |
|
2003-10-13
|
06 | Russ Housley | Draft Added by Russ Housley |
|
2003-08-20
|
04 | (System) | New version available: draft-ietf-ipsec-ui-suites-04.txt |
|
2003-07-31
|
03 | (System) | New version available: draft-ietf-ipsec-ui-suites-03.txt |
|
2003-07-29
|
02 | (System) | New version available: draft-ietf-ipsec-ui-suites-02.txt |
|
2003-06-13
|
01 | (System) | New version available: draft-ietf-ipsec-ui-suites-01.txt |
|
2003-05-29
|
00 | (System) | New version available: draft-ietf-ipsec-ui-suites-00.txt |