On Mon, 13 Jan 2020, Dan Harkins wrote:

> IKEv1 is done, it's over, it's dead. It's been like that for more than a decade.

I think there is a big difference between "done developing it" and "done
running it". A decade ago almost everything was IKEv1. Today, with the
exception of Android and ten-year-old gear, everything is IKEv2. And
Android is scheduled to fix that this summer. So the move to Historic
does seem valid now, and was not 10 years ago.

> We already made a statement that we won't touch IKEv1 anymore and we made that
> statement fifteen years ago. And we're still doing "die die die" stuff that's now
> been refashioned into a "graveyard" effort in order to address the sensitive
> sensibilities of the new IETF, but it's still the same thing. It's trying to add an
> underscore and an exclamation point to a statement that was already made. Because
> we're really serious this time-- it's in the graveyard!

I agree, it is kind of a symbolic gesture. But I think it will help
(and not harm), so I think we should just publish it for those who can
use it as a lever to migrate more older setups to new. To be honest,
the biggest gain will be that people stop using DH1024, DH1536 and SHA1
that are de facto the only DH groups used with IKEv1.

Paul

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
