Frankel, Sheila E. writes:
> Issue #114: Expired drafts, especially BEET
...
> Several Internet Drafts were written to address these problems:
> Extended Authentication within IKE (XAUTH) (draft-beaulieu-ike-xauth and
> its predecessor draft-ietf-ipsra-isakmp-xauth) and The ISAKMP Configuration
> Method (draft-dukes-ike-mode-cfg and its predecessor draft-ietf-ipsec-isakmp-
> mode-cfg).  These drafts did not progress to RFC status due to security
> flaws and other problems related to these solutions. However, many current
> IKEv1 implementations incorporate aspects of these solutions to facilitate
> remote user access to corporate VPNs. These solutions were not standardized,
> and different implementations implemented different versions. Thus, there
> is no assurance that the implementations adhere fully to the suggested
> solutions, or that one implementation can interoperate with others that
> claim to incorporate the same features. Furthermore, these solutions have
> known security issues. Thus, use of these solutions is not recommended.

Perhaps we should add some kind of advertisement here by changing the
last sentence to:

"All of those problems and security issues have been solved in the
IKEv2, thus use of these non-standardized IKEv1 solutions is not
recommended."

I.e. provide a solution to the problem (use IKEv2) in addition to
just saying "do not use them".
-- 
kivi...@iki.fi
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec