Guidelines for Specifying the Use of IPsec Version 2
RFC 5406

Note: This ballot was opened for revision 10 and is now closed.

(Sam Hartman) Discuss

Discuss (2007-12-02 for -)
Also, please note that section 8 of this specification only coversn
IKEV1.  There are additional requirements for what needs to be
specified for IKEV2 not covered in your spec.  You need to make it
clear that this only covers 2401-based IPsec.  The current text
implies that applications could simply say to use IKEV2.  If they do
that they are outside the scope of this BCP.  That needs to be made
clear.

In particular, the reference to EAP for IKEV2 and the claim that you
need to specify what version of IKE is inappropriate in this document.
Comment (2007-03-05 for -)
No email
send info
Kink has been defined and implementations are available; please update the text.

One requirement of IPsec is that a server must define policy entries
that determine whether traffic will be protected ahead of time.  This
for example typically means that you cannot run a server that supports
both secure and insecure traffic without using multiple ports.  You
should point this out.

(Russ Housley) Yes

(Tim Polk) (was No Record, Discuss, No Objection, Yes) Yes

(Jari Arkko) (was Discuss) No Objection

Comment (2007-10-09)
No email
send info
Only partially tongue-in-cheek, perhaps the
document should be clearer in making a recommendation on
the use of IPsec for applications. For instance, "The
use of IPsec as a security mechanism for any other purpose
than VPNs is NOT RECOMMENDED, and should only be attempted
after careful analysis that such usage is indeed the best
option."

(Ross Callon) (was Discuss) No Objection

(Brian Carpenter) No Objection

(Lars Eggert) (was Discuss) No Objection

(Bill Fenner) No Objection

Comment (2007-03-08 for -)
No email
send info
I realize this has been in the works for some time now, but it seems a little odd that it only talks about "ipsec v2" when we are seeing security reviews criticizing documents for not having adapted the "ipsec v3" model.  It's excellent to have a guidance document, but will this document guide authors towards something that will cause problems at secdir review time?

(Ted Hardie) No Objection

Comment (2007-03-07 for -)
No email
send info
I have a small concern that the tone of the document may turn off the intended audience, by appearing to talk down to them.  Two examples, along with concrete suggestions, are given
below, but the problem is fairly general and other approaches might have the same result.  This
comment is, of course, non-blocking and the document can go forward without any change if
the author and IESG are not concerned with this issue.

OLD:

2.  WARNING

   The design of security protocols is a subtle and difficult art.  The
   cautions here about specifying use of IPsec should NOT be taken to
   mean that that you should invent your own new security protocol for
   each new application.  If IPsec is a bad choice, use another
   standardized, well-understood security protocol.  Don't roll your
   own.

NEW:

2.  WARNING

   The cautions here about specifying use of IPsec should NOT be taken to
   mean that that you should invent your own new security protocol for
   each new application.  If IPsec is a bad choice, using another
   standardized, well-understood security protocol will generally give the
   best results for both implementation and deployment.  The design of security 
   protocols is a difficult art; rolling out a new protocol will require
   extensive work to confirm its security properties and will incur both
   delay and uncertainty.

OLD:

 Selectors        The issue of selectors is easy.  BGP already runs
                    between manually-configured pairs of hosts on TCP
                    port 179.  The appropriate selector would be the
                    pair of BGP speakers, for that port only.  Note that
                    the router's "loopback address" is almost certainly
                    the address to use.

   Mode             Clearly, transport mode is the proper choice.  The
                    information being communicated is generally not
                    confidential, so encryption need not be used.
                    Either AH or ESP can be used; if ESP is used, the
                    sender's IP address would need to be checked against
                    the IP address asserted in the key management
                    exchange.  (This check is mandated by [RFC2401].)
                    For the sake of interoperability, the RFC author
                    should pick one.
NEW:

 Selectors      BGP runs between manually-configured pairs of hosts on TCP
                    port 179.  The appropriate selector would be the
                    pair of BGP speakers, for that port only.  Note that
                    the router's "loopback address" is almost certainly
                    the address to use.

   Mode           Transport mode would likely be the proper choice if IPSec
                      were used.  The information being communicated is generally not
                    confidential, so encryption need not be used.
                    Either AH or ESP could be used; if ESP were used, the
                    sender's IP address would need to be checked against
                    the IP address asserted in the key management
                    exchange.  (This check is mandated by [RFC2401].)
                    For the sake of interoperability, either AH or ESP 
                    would need to be mandatory to implement.

(Cullen Jennings) No Objection

Comment (2007-03-06 for -)
No email
send info
I liked this document and think it will be very useful but one line made me wonder if it really was true. 

The document says "Furthermore, there is no global PKI for the Internet and probably never will be one." I would venture a wild guess that 100's of millions of people covering every country in the world regularly use HTTPS with approximately the root CA list Internet Explorer provides to achieve some security goals. I can understand the argument that this is not a good PKI, but I have a very hard time imagining why it is not a global PKI. Perhaps there is some special meaning in the terms of art that I do not understand but if that is the case, I suspect that the target audience for this document would not understand them either. 

That said, I don't think changing this line one way or the other changes the value of this document.

(David Kessens) No Objection

(Chris Newman) No Objection

Comment (2007-08-30 for -)
No email
send info
Carrying forward Ted's no objection vote.

(Jon Peterson) No Objection

(Dan Romascanu) No Objection

Comment (2007-03-08 for -)
No email
send info
The Introduction Section says:

 'This document describes how to specify the use of IPsec Version 2
   [RFC2401], including ESPv2 [RFC2406], AHv2 [RFC2402], and IKEv1
   [RFC2409].  A separate document will describe the IPsec Version3
   suite [RFC4301] [RFC4302] [RFC4303] [RFC4306].'

Should not the title reflect this and be 'Guidelines for Mandating the Use of IPsec Version 2', while the future separate document will refer to IPsec Version 3?

(Mark Townsley) (was Discuss) No Objection

Comment (2007-03-08)
No email
send info
Comment copied from Ted Hardie as he is leaving soon, this is related to my Discuss.

[2007-03-07] I have a small concern that the tone of the document may turn off the intended audience, by appearing to talk down to them.  Two examples, along with concrete suggestions, are given
below, but the problem is fairly general and other approaches might have the same result.  This
comment is, of course, non-blocking and the document can go forward without any change if
the author and IESG are not concerned with this issue.

OLD:

2.  WARNING

  The design of security protocols is a subtle and difficult art.  The
  cautions here about specifying use of IPsec should NOT be taken to
  mean that that you should invent your own new security protocol for
  each new application.  If IPsec is a bad choice, use another
  standardized, well-understood security protocol.  Don't roll your
  own.

NEW:

2.  WARNING

  The cautions here about specifying use of IPsec should NOT be taken to
  mean that that you should invent your own new security protocol for
  each new application.  If IPsec is a bad choice, using another
  standardized, well-understood security protocol will generally give the
  best results for both implementation and deployment.  The design of security 
  protocols is a difficult art; rolling out a new protocol will require
  extensive work to confirm its security properties and will incur both
  delay and uncertainty.

OLD:

Selectors        The issue of selectors is easy.  BGP already runs
                    between manually-configured pairs of hosts on TCP
                    port 179.  The appropriate selector would be the
                    pair of BGP speakers, for that port only.  Note that
                    the router's "loopback address" is almost certainly
                    the address to use.

  Mode            Clearly, transport mode is the proper choice.  The
                    information being communicated is generally not
                    confidential, so encryption need not be used.
                    Either AH or ESP can be used; if ESP is used, the
                    sender's IP address would need to be checked against
                    the IP address asserted in the key management
                    exchange.  (This check is mandated by [RFC2401].)
                    For the sake of interoperability, the RFC author
                    should pick one.
NEW:

Selectors      BGP runs between manually-configured pairs of hosts on TCP
                    port 179.  The appropriate selector would be the
                    pair of BGP speakers, for that port only.  Note that
                    the router's "loopback address" is almost certainly
                    the address to use.

  Mode          Transport mode would likely be the proper choice if IPSec
                      were used.  The information being communicated is generally not
                    confidential, so encryption need not be used.
                    Either AH or ESP could be used; if ESP were used, the
                    sender's IP address would need to be checked against
                    the IP address asserted in the key management
                    exchange.  (This check is mandated by [RFC2401].)
                    For the sake of interoperability, either AH or ESP 
                    would need to be mandatory to implement.

(David Ward) (was Discuss) No Objection

Magnus Westerlund No Objection