IKEv2 Clarifications and Implementation Guidelines
RFC 4718

Document history

Date Rev. By Action
2020-01-21
09 (System) Received changes through RFC Editor sync (added Verified Errata tag)
2016-11-30
09 (System) Closed request for Early review by SECDIR with state 'Unknown'
2015-10-14
09 (System) Notify list changed from paul.hoffman@vpnc.org, pasi.eronen@nokia.com to (None)
2013-02-23
(System) Posted related IPR disclosure: SSH Communications Security Corporation's Statement about IPR related to RFC 4718
2012-08-22
09 (System) post-migration administrative database adjustment to the Yes position for Sam Hartman
2006-11-08
09 (System) Request for Early review by SECDIR Completed. Reviewer: Derek Atkins.
2006-11-08
09 (System) Request for Early review by SECDIR is assigned to Steven Bellovin
2006-11-08
09 (System) Request for Early review by SECDIR is assigned to Steven Bellovin
2006-11-04
09 Amy Vezza State Changes to RFC Published from RFC Ed Queue by Amy Vezza
2006-11-04
09 Amy Vezza [Note]: 'RFC 4718' added by Amy Vezza
2006-10-27
09 (System) RFC published
2006-07-14
09 Amy Vezza State Changes to RFC Ed Queue from Approved-announcement sent by Amy Vezza
2006-07-10
09 Amy Vezza IESG state changed to Approved-announcement sent
2006-07-10
09 Amy Vezza IESG has approved the document
2006-07-10
09 Amy Vezza Closed "Approve" ballot
2006-07-10
09 Russ Housley State Changes to Approved-announcement to be sent from IESG Evaluation::AD Followup by Russ Housley
2006-06-28
09 Sam Hartman [Ballot Position Update] Position for Sam Hartman has been changed to Yes from Discuss by Sam Hartman
2006-05-25
09 Amy Vezza State Changes to IESG Evaluation::AD Followup from IESG Evaluation - Defer by Amy Vezza
2006-05-25
09 Sam Hartman
[Ballot discuss]
Based on the most recent mail from Steve Kent, the text in 7.1 is
inaccurate in the following way.

If you are matching against the PAD using IP addresses, then these IP
addresses must be used to look up policy in the SPD.  That requires
them to influence the traffic selectors.  So, the IP address you claim
as an Id will indirectly appear in the traffic selectors.
2006-05-25
09 Jari Arkko [Ballot Position Update] New position, No Objection, has been recorded for Jari Arkko by Jari Arkko
2006-05-25
09 Lisa Dusseault [Ballot Position Update] New position, No Objection, has been recorded for Lisa Dusseault by Lisa Dusseault
2006-05-25
09 Sam Hartman
[Ballot discuss]
Section 7.1 is under active discussion between the authors, Steve Kent
and myself.  I need to read the last message in that discussion and
understand it.  I will either agree that answers the question or
replace this discuss and will do so by close of business May 25.
2006-05-25
09 Ross Callon [Ballot Position Update] New position, No Objection, has been recorded for Ross Callon by Ross Callon
2006-05-25
09 David Kessens [Ballot Position Update] New position, No Objection, has been recorded for David Kessens by David Kessens
2006-05-25
09 Dan Romascanu [Ballot Position Update] New position, No Objection, has been recorded for Dan Romascanu by Dan Romascanu
2006-05-24
09 Ted Hardie [Ballot Position Update] New position, No Objection, has been recorded for Ted Hardie by Ted Hardie
2006-05-24
09 Cullen Jennings [Ballot Position Update] New position, No Objection, has been recorded for Cullen Jennings by Cullen Jennings
2006-05-24
09 Sam Hartman
[Ballot comment]
Is the recommendation in section 5.9 that the original ike initiator
can change on an IKE SA rekey consistent with mobike?  Does that mean
that in the case of mobike, you want to make sure only the original
initiator rekeys in order to avoid changing which side nat works best
with?

I'm not sure I agree with the text in 7.1 that claims the IP address
ID payloads don't impact the traffic selectors.  As far as a direct
implication, it is true.  However you do search the SPD based on the
IP address payload and that does affect traffic selectors.  For
example I don't see how to configure the SPD to allow someone claiming
an Id of 10.0.0.6 to match a policy that doesn't have 10.0.0.6 in one
of the traffic selectors.
2006-05-24
09 Sam Hartman [Ballot Position Update] New position, Discuss, has been recorded for Sam Hartman by Sam Hartman
2006-05-24
09 Magnus Westerlund [Ballot Position Update] New position, No Objection, has been recorded for Magnus Westerlund by Magnus Westerlund
2006-05-23
09 Lars Eggert [Ballot Position Update] New position, No Objection, has been recorded for Lars Eggert by Lars Eggert
2006-05-12
09 (System) Removed from agenda for telechat - 2006-05-11
2006-05-10
09 Brian Carpenter [Ballot Position Update] New position, No Objection, has been recorded for Brian Carpenter by Brian Carpenter
2006-05-08
09 Sam Hartman State Changes to IESG Evaluation - Defer from IESG Evaluation by Sam Hartman
2006-05-07
09 Russ Housley
[Ballot comment]
Section 5.11.8 says:
  >
  > If host A did receive it, it will move the CHILD_SA to the new IKE_SA
  > as usual, and the state information will then be out of sync.
  >
  s/out of sync/unsynchronized/

  Section 7.2 says:
  >
  > The IKEv2 specification refers to [RFC4301], but it never makes
  > clearly defines the exact relationship is.
  >
  Suggested rewording:
  >
  > The IKEv2 specification refers to [RFC4301], but the relationship
  > between the two documents is not clear.

  Section 7.7 says:
  >
  > Note that such notifications are explicitly not Informational exchanges;
  > Section 1.5 makes it clear that these are one-way messages that must not
  > be responded to.
  >
  Suggested rewording:
  >
  > Note that such notifications are explicitly not Informational exchanges;
  > Section 1.5 makes it clear that these are one-way messages, and the
  > recipient must not respond to them.
2006-05-07
09 Russ Housley Placed on agenda for telechat - 2006-05-11 by Russ Housley
2006-05-07
09 Russ Housley State Changes to IESG Evaluation from Waiting for Writeup by Russ Housley
2006-05-07
09 Russ Housley [Ballot Position Update] New position, Yes, has been recorded for Russ Housley
2006-05-07
09 Russ Housley Ballot has been issued by Russ Housley
2006-05-07
09 Russ Housley Created "Approve" ballot
2006-05-05
09 (System) New version available: draft-eronen-ipsec-ikev2-clarifications-09.txt
2006-05-03
09 (System) State has been changed to Waiting for Writeup from In Last Call by system
2006-04-24
09 Michelle Cotton
IANA Last Call Comments:

As described in the IANA Considerations section, we understand this document to have NO
IANA Actions.

(The IPSEC IANA Considerations section, appears to give the community
instructions/information about the existing registries, however this section does not
appear to request action by IANA)
2006-04-19
09 Amy Vezza Last call sent
2006-04-19
09 Amy Vezza State Changes to In Last Call from Last Call Requested by Amy Vezza
2006-04-18
09 Russ Housley Last Call was requested by Russ Housley
2006-04-18
09 Russ Housley State Changes to Last Call Requested from AD Evaluation by Russ Housley
2006-04-18
09 (System) Ballot writeup text was added
2006-04-18
09 (System) Last call text was added
2006-04-18
09 (System) Ballot approval text was added
2006-04-18
09 Russ Housley Intended Status has been changed to Informational from Proposed Standard
2006-04-18
09 Russ Housley State Changes to AD Evaluation from Publication Requested by Russ Housley
2006-04-05
09 Russ Housley Draft Added by Russ Housley in state Publication Requested
2006-02-22
08 (System) New version available: draft-eronen-ipsec-ikev2-clarifications-08.txt
2006-02-02
07 (System) New version available: draft-eronen-ipsec-ikev2-clarifications-07.txt
2005-10-26
06 (System) New version available: draft-eronen-ipsec-ikev2-clarifications-06.txt
2005-09-12
05 (System) New version available: draft-eronen-ipsec-ikev2-clarifications-05.txt
2005-07-15
04 (System) New version available: draft-eronen-ipsec-ikev2-clarifications-04.txt
2005-06-02
03 (System) New version available: draft-eronen-ipsec-ikev2-clarifications-03.txt
2005-03-28
02 (System) New version available: draft-eronen-ipsec-ikev2-clarifications-02.txt
2005-02-17
01 (System) New version available: draft-eronen-ipsec-ikev2-clarifications-01.txt
2005-02-04
00 (System) New version available: draft-eronen-ipsec-ikev2-clarifications-00.txt