Internet Key Exchange Protocol Version 2 (IKEv2)
RFC 7296

Document history

Date Rev. By Action
2021-09-02
04 (System) Received changes through RFC Editor sync (added Verified Errata tag)
2015-10-14
04 (System) Notify list changed from ipsecme-chairs@ietf.org, draft-kivinen-ipsecme-ikev2-rfc5996bis@ietf.org, charliekaufman@outlook.com to charliekaufman@outlook.com
2014-10-24
04 (System) IANA registries were updated to include RFC7296
2014-10-24
04 (System) RFC published
2014-10-21
04 (System) RFC Editor state changed to AUTH48-DONE from AUTH48
2014-08-26
04 Paul Hoffman Document shepherd changed to Paul E. Hoffman
2014-08-26
04 Kathleen Moriarty Notification list changed to : ipsecme-chairs@tools.ietf.org, draft-kivinen-ipsecme-ikev2-rfc5996bis@tools.ietf.org, charliekaufman@outlook.com
2014-08-05
04 (System) RFC Editor state changed to AUTH48 from RFC-EDITOR
2014-07-28
04 (System) RFC Editor state changed to RFC-EDITOR from AUTH
2014-07-28
04 (System) RFC Editor state changed to AUTH from EDIT
2014-06-27
04 (System) IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor
2014-06-27
04 (System) IANA Action state changed to Waiting on RFC Editor from In Progress
2014-06-27
04 (System) IANA Action state changed to In Progress from On Hold
2014-06-10
04 (System) IANA Action state changed to On Hold from Waiting on Authors
2014-06-10
04 Amy Vezza IESG state changed to RFC Ed Queue from Approved-announcement sent
2014-06-10
04 (System) RFC Editor state changed to EDIT
2014-06-10
04 (System) Announcement was received by RFC Editor
2014-06-09
04 (System) IANA Action state changed to Waiting on Authors from In Progress
2014-06-09
04 (System) IANA Action state changed to In Progress
2014-06-09
04 Amy Vezza IESG state changed to Approved-announcement sent from Approved-announcement to be sent::AD Followup
2014-06-09
04 Amy Vezza IESG has approved the document
2014-06-09
04 Amy Vezza Closed "Approve" ballot
2014-06-09
04 Amy Vezza Ballot approval text was generated
2014-06-06
04 (System) Sub state has been changed to AD Followup from Revised ID Needed
2014-06-06
04 Tero Kivinen IANA Review state changed to Version Changed - Review Needed from IANA OK - Actions Needed
2014-06-06
04 Tero Kivinen New version available: draft-kivinen-ipsecme-ikev2-rfc5996bis-04.txt
2014-06-05
03 Suresh Krishnan Request for Telechat review by GENART Completed: Ready. Reviewer: Suresh Krishnan.
2014-06-02
03 Gunter Van de Velde Closed request for Last Call review by OPSDIR with state 'No Response'
2014-05-29
03 Cindy Morgan IESG state changed to Approved-announcement to be sent::Revised I-D Needed from IESG Evaluation
2014-05-29
03 Alia Atlas [Ballot Position Update] New position, No Objection, has been recorded for Alia Atlas
2014-05-29
03 Joel Jaeggli [Ballot Position Update] New position, No Objection, has been recorded for Joel Jaeggli
2014-05-28
03 Richard Barnes [Ballot comment]
RSA is so well known we no longer need a reference?
2014-05-28
03 Richard Barnes [Ballot Position Update] New position, Yes, has been recorded for Richard Barnes
2014-05-28
03 Pete Resnick
[Ballot comment]
Shepherd writeup had me confused; this is going for Internet Standard. (And bad form to have one of the editors shepherd their own document.) But this seems perfectly ready for IS, so no objection from me.
2014-05-28
03 Pete Resnick [Ballot Position Update] New position, No Objection, has been recorded for Pete Resnick
2014-05-28
03 Benoît Claise [Ballot Position Update] New position, No Objection, has been recorded for Benoit Claise
2014-05-28
03 Adrian Farrel
[Ballot comment]
The Abstract is a bit confused and aspirational. It wouldn't fit on the document once published as an RFC. Possibly update the last sentence from...

  This document obsoletes RFC 5996, and includes all of the
  errata for it, and it is intended to update IKEv2 to be Internet
  Standard.

...to...

  This document obsoletes RFC 5996, and includes all of the
  errata for it. It advances IKEv2 to be an Internet Standard.
2014-05-28
03 Adrian Farrel [Ballot Position Update] New position, No Objection, has been recorded for Adrian Farrel
2014-05-28
03 Brian Haberman [Ballot comment]
Any comments I have are included in Zhen's INTDir review that is embedded in the other INT AD's ballot.
2014-05-28
03 Brian Haberman [Ballot Position Update] New position, No Objection, has been recorded for Brian Haberman
2014-05-28
03 Ted Lemon
[Ballot comment]
I would like to see the comments Cao Zhen raised during the IntArea directorate review addressed, but I don't think they rise to the level of a DISCUSS.  I've included them below, can forward the whole message if desired.  This review was requested by Brian, so any credit for it happening goes to him--I'm just concurring with Zhen.

The major update of this document to RFC5996 is the DEPRECATION of RAW RSA PUBLIC KEY entry. Thank the authors for this work, to catch this important issue in the smart and constrained communication world.

1. In Section 1.8
  " Deprecated Raw RSA Public keys.  There is new work ongoing to replace
  that with more generic format for generic raw public keys. "

Suggestion: to include some references to the "ongoing work". I believe they include draft-kivinen-ipsecme-oob-pubkey-07, draft-ietf-tls-oob-pubkey-01, etc. But they are necessary for readers to track the ongoing work.

2. In Section 3.6, after the declaration that "Raw RSA Key" is deprecated, it is expected some explanation of background, and how could the implementation be forward/backward compatible. Say, if the Sender/Initiator is RFC5996 compatible, and includes a CERT with Raw RSA Key, but the Responder is updated with RFC5996-bis, what are the expected behaviors of both sides.  In section 3.7, for the CERT Request message handling, it is the same thing, what's the responder's behavior if the initiator asks for a CERT encode type of 'RAW RSA KEY' that has been deprecated, and similarly what will happen if the sender asks for the NEW ENCODE TYPE but the receiver does not support it. And so on and so forth.

If authors meant all the issues have been explained in the Section 3.2 of "Critical Bit", then the left question is how the initiator sets the critical bit in these cases. But I do not think this is a self-explained issue. Some more text here will leave the implementers with less interop pain.

3. Reference to IKEV2 IANA
  [IKEV2IANA]
            "Internet Key Exchange Version 2 (IKEv2) Parameters",
            .

  Suggest changing the URL to :
  http://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xhtml
2014-05-28
03 Ted Lemon [Ballot Position Update] New position, No Objection, has been recorded for Ted Lemon
2014-05-28
03 Jari Arkko [Ballot Position Update] New position, Yes, has been recorded for Jari Arkko
2014-05-27
03 Alissa Cooper [Ballot Position Update] New position, No Objection, has been recorded for Alissa Cooper
2014-05-27
03 Spencer Dawkins [Ballot comment]
Thanks to Stephen for balloting that he had reviewed the diff vs. 5996  :)
2014-05-27
03 Spencer Dawkins [Ballot Position Update] New position, No Objection, has been recorded for Spencer Dawkins
2014-05-27
03 Martin Stiemerling [Ballot Position Update] New position, No Objection, has been recorded for Martin Stiemerling
2014-05-26
03 Stephen Farrell
[Ballot comment]


My review was based on the diff vs. 5996. [1] All the changes look
ok to me.

But, I see there's a reported (not yet verified) erratum (3718) [2]
for which no change has been made.  Should that also be verified
and the change made or not?

[1] https://tools.ietf.org/rfcdiff?url1=rfc5996&url2=draft-kivinen-ipsecme-ikev2-rfc5996bis-03.txt

[2] http://www.rfc-editor.org/errata_search.php?rfc=5996
2014-05-26
03 Stephen Farrell [Ballot Position Update] New position, No Objection, has been recorded for Stephen Farrell
2014-05-22
03 Jean Mahoney Request for Telechat review by GENART is assigned to Suresh Krishnan
2014-05-22
03 Jean Mahoney Request for Telechat review by GENART is assigned to Suresh Krishnan
2014-05-14
03 Barry Leiba [Ballot Position Update] New position, No Objection, has been recorded for Barry Leiba
2014-05-14
03 (System) IANA Review state changed to IANA OK - Actions Needed from Version Changed - Review Needed
2014-05-12
03 Kathleen Moriarty Ballot has been issued
2014-05-12
03 Kathleen Moriarty [Ballot Position Update] New position, Yes, has been recorded for Kathleen Moriarty
2014-05-12
03 Kathleen Moriarty Created "Approve" ballot
2014-05-12
03 Kathleen Moriarty Ballot writeup was changed
2014-05-12
03 Kathleen Moriarty Placed on agenda for telechat - 2014-05-29
2014-04-25
03 Paul Hoffman
Shepherd Writeup for draft-kivinen-ipsecme-ikev2-rfc5996bis-02

1. Summary

Paul Hoffman (IPsecME WG co-chair) is the document shepherd and Kathleen Moriarty is the
responsible AD.

This document replaces and updates RFC 5996 (IKEv2), and includes all of the errata for it,
and it is intended to update IKEv2 to be Internet Standard. It was meant to be part of an
effort to move IKEv2 to Full Standard, but that effort flagged; still, the draft has useful
clarifications.


2. Review and Consensus

The WG discussion of the document was scant, but with enough review to make it acceptable.
There were no objections to adoption.


3. Intellectual Property

The authors of RFC 5996 were already under the IPR rules.


4. Other Points

There is one necessary normative downref. RFC 3447 is for PKCS#1, which is required for implementation
of IKEv2. This was allowed for RFC 5996 (and others), and should be put on the allowed-downrefs list.

There are no new IANA registries because it is all clarifications.
2014-04-25
03 Tero Kivinen IANA Review state changed to Version Changed - Review Needed from IANA - Not OK
2014-04-25
03 Tero Kivinen New version available: draft-kivinen-ipsecme-ikev2-rfc5996bis-03.txt
2014-04-24
02 Tero Kivinen Request for Last Call review by SECDIR Completed: Ready. Reviewer: Scott Kelly.
2014-04-18
02 Kathleen Moriarty Waiting for idnits to be resolved
2014-04-18
02 Kathleen Moriarty Tag Revised I-D Needed - Issue raised by AD set.
2014-04-18
02 Kathleen Moriarty Removed from agenda for telechat
2014-04-18
02 Kathleen Moriarty Placed on agenda for telechat - 2014-04-24
2014-04-18
02 Kathleen Moriarty Removed from agenda for telechat
2014-04-18
02 Kathleen Moriarty Placed on agenda for telechat - 2014-04-24
2014-04-18
02 Kathleen Moriarty IESG state changed to IESG Evaluation from Waiting for AD Go-Ahead
2014-04-18
02 Kathleen Moriarty IESG state changed to Waiting for AD Go-Ahead from Waiting for Writeup
2014-04-18
02 Kathleen Moriarty Ballot writeup was changed
2014-04-18
02 (System) IESG state changed to Waiting for Writeup from In Last Call
2014-04-14
02 (System) IANA Review state changed to IANA - Not OK from IANA - Review Needed
2014-04-14
02 Pearl Liang
IESG/Authors/WG Chairs:

IANA has reviewed draft-kivinen-ipsecme-ikev2-rfc5996bis-02.  Authors should review the comments and/or questions below.  Please report any inaccuracies and respond to any questions as soon as possible.

IANA's reviewer has the following comments/questions:

IANA has a question about the action requested in the IANA Considerations section of this document.

IANA understands that, upon approval of this document, there are two actions which IANA must complete.

First, in the IKEv2 Certificate Encodings subregistry of the Internet Key Exchange Version 2 (IKEv2) Parameters registry located at:

http://www.iana.org/assignments/ikev2-parameters/

the document said:

"One item has been removed from the IKEv2 Certificate Encodings table:
  "Raw RSA Key"."

QUESTIONS:
1) Do the authors mean that this document is intended to remove
the value 11, "Raw RSA Key" from the subregistry?

2) If yes, should this item be removed, or should the item be left in
the registry and marked "Obsolete?"

Second, in the Internet Key Exchange Version 2 (IKEv2) Parameters registry located at:

http://www.iana.org/assignments/ikev2-parameters/

references to the document RFC 5996 should be changed to [ RFC-to-be ].

IANA understands that these two actions are the only ones required to be completed upon approval of this document.

Note:  The actions requested in this document will not be completed until the document has been approved for publication as an RFC. This message is only to confirm what actions will be performed.
2014-04-14
02 Gunter Van de Velde Request for Last Call review by OPSDIR is assigned to Henry Yu
2014-04-14
02 Gunter Van de Velde Request for Last Call review by OPSDIR is assigned to Henry Yu
2014-04-14
02 Gunter Van de Velde Assignment of request for Last Call review by OPSDIR to Tim Chown was rejected
2014-04-10
02 Jean Mahoney Request for Last Call review by GENART is assigned to Suresh Krishnan
2014-04-10
02 Jean Mahoney Request for Last Call review by GENART is assigned to Suresh Krishnan
2014-04-10
02 Tero Kivinen Request for Last Call review by SECDIR is assigned to Scott Kelly
2014-04-10
02 Tero Kivinen Request for Last Call review by SECDIR is assigned to Scott Kelly
2014-04-07
02 Gunter Van de Velde Request for Last Call review by OPSDIR is assigned to Tim Chown
2014-04-07
02 Gunter Van de Velde Request for Last Call review by OPSDIR is assigned to Tim Chown
2014-04-04
02 Amy Vezza IANA Review state changed to IANA - Review Needed
2014-04-04
02 Amy Vezza
The following Last Call announcement was sent out:

From: The IESG
To: IETF-Announce
CC:
Reply-To: ietf@ietf.org
Sender:
Subject: Last Call:  (Internet Key Exchange Protocol Version 2 (IKEv2)) to Internet Standard


The IESG has received a request from the IP Security Maintenance and
Extensions WG (ipsecme) to consider the following document:
- 'Internet Key Exchange Protocol Version 2 (IKEv2)'
  as Internet Standard

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2014-04-18. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.

Abstract


  This document describes version 2 of the Internet Key Exchange (IKE)
  protocol.  IKE is a component of IPsec used for performing mutual
  authentication and establishing and maintaining Security Associations
  (SAs).  This document replaces and updates RFC 5996, and includes all
  of the errata for it, and it is intended to update IKEv2 to be
  Internet Standard.




The file can be obtained via
http://datatracker.ietf.org/doc/draft-kivinen-ipsecme-ikev2-rfc5996bis/

IESG discussion can be tracked via
http://datatracker.ietf.org/doc/draft-kivinen-ipsecme-ikev2-rfc5996bis/ballot/


No IPR declarations have been submitted directly on this I-D.


2014-04-04
02 Amy Vezza IESG state changed to In Last Call from Last Call Requested
2014-04-04
02 Kathleen Moriarty Last call was requested
2014-04-04
02 Kathleen Moriarty Ballot approval text was generated
2014-04-04
02 Kathleen Moriarty Ballot writeup was generated
2014-04-04
02 Kathleen Moriarty IESG state changed to Last Call Requested from Publication Requested
2014-04-04
02 Kathleen Moriarty Last call announcement was generated
2014-03-31
02 Paul Hoffman
Shepherd Writeup for draft-kivinen-ipsecme-ikev2-rfc5996bis-02

1. Summary

Paul Hoffman (IPsecME WG co-chair) is the document shepherd and Kathleen Moriarty is the
responsible AD.

This document replaces and updates RFC 5996 (IKEv2), and includes all of the errata for it,
and it is intended to update IKEv2 to be Internet Standard. It was meant to be part of an
effort to move IKEv2 to Full Standard, but that effort flagged; still, the draft has useful
clarifications.


2. Review and Consensus

The WG discussion of the document was scant, but with enough review to make it acceptable.
There were no objections to adoption.


3. Intellectual Property

The authors of RFC 5996 were already under the IPR rules.


4. Other Points

There are no normative downrefs.

There are no new IANA registries because it is all clarifications.
2014-03-31
02 Paul Hoffman State Change Notice email list changed to ipsecme-chairs@tools.ietf.org, draft-kivinen-ipsecme-ikev2-rfc5996bis@tools.ietf.org
2014-03-31
02 Paul Hoffman Responsible AD changed to Kathleen Moriarty
2014-03-31
02 Paul Hoffman IETF WG state changed to Submitted to IESG for Publication from WG Consensus: Waiting for Write-Up
2014-03-31
02 Paul Hoffman IESG state changed to Publication Requested
2014-03-31
02 Paul Hoffman IESG process started in state Publication Requested
2014-03-31
02 Paul Hoffman Changed document writeup
2014-03-31
02 Paul Hoffman Changed document writeup
2014-03-31
02 Paul Hoffman Document shepherd changed to Paul E. Hoffman
2014-03-31
02 Paul Hoffman Changed consensus to Yes from Unknown
2014-03-31
02 Paul Hoffman IETF WG state changed to WG Consensus: Waiting for Write-Up from In WG Last Call
2013-11-13
02 Tero Kivinen New version available: draft-kivinen-ipsecme-ikev2-rfc5996bis-02.txt
2013-10-23
01 Yaron Sheffer Intended Status changed to Internet Standard from None
2013-10-23
01 Yaron Sheffer IETF WG state changed to In WG Last Call from Adopted by a WG
2013-10-23
01 Yaron Sheffer IETF WG state changed to Adopted by a WG from Call For Adoption By WG Issued
2013-10-23
01 Yaron Sheffer IETF WG state changed to Call For Adoption By WG Issued from None
2013-10-23
01 Yaron Sheffer Changed group to IP Security Maintenance and Extensions (IPSECME)
2013-10-23
01 Yaron Sheffer Changed to IETF
2013-10-17
01 Tero Kivinen New version available: draft-kivinen-ipsecme-ikev2-rfc5996bis-01.txt
2013-08-09
00 Tero Kivinen New version available: draft-kivinen-ipsecme-ikev2-rfc5996bis-00.txt