Paul,

  Thanks for doing this. A few comments:

  - the first two bullet points in section 3 are basically speculation,
    "a number of..." is meaningless. These bullet points are ultimately
    not even necessary to make the case being made. Delete these, please.

  - fourth bullet in section 3 should be rewritten. The "Often, IKEv1..."
    sentence should be removed but the remainder is a decent point. IKEv1
    was standardized before modern ciphers were designed; to get support
    for modern, accepted ciphers, use IKEv2.

  - there is another IKEv1 feature not available in IKEv2: a deniable
    authentication method. IKEv1 had a very cool deniable exchange
    involving encrypted nonces. IKEv2 decided to not support that for
    whatever reason. Lack of support for a cool and useful authentication
    method doesn't really make the case to send IKEv1 to historic, but
    then, oh well. As an aside, I suggested a way to add such an
    exchange using HPKE [1]. Not that I'm saying this needs to
    be added to IKEv2, but if you're gonna talk about IKEv1 features
    missing in IKEv2 you should be complete.

Other than that, good work.

  regards,

  Dan.

[1] https://mailarchive.ietf.org/arch/msg/cfrg/zjQLxV2u1wUZMFraDuy6KRPIaqU/

On 4/28/21 8:48 AM, Paul Wouters wrote:
On Wed, 28 Apr 2021, internet-dra...@ietf.org wrote:

Subject: [IPsec] I-D Action: draft-ietf-ipsecme-ikev1-algo-to-historic-00.txt

Looks like the datatracker email does not post the diff between
different document names :P

The diff is:

https://tools.ietf.org/rfcdiff?url1=draft-pwouters-ikev1-ipsec-graveyard-06.txt&url2=https://www.ietf.org/archive/id/draft-ietf-ipsecme-ikev1-algo-to-historic-00.txt

Basically, it removes the IANA request to close the IKEv1 registries,
changes draft name / title to avoid "graveyard" and lists some items
as bullet points and sections, and changes some subjective wording to
more objective language.

I'm not saying this is ready for WGLC, but ....

Paul

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec

--
"The object of life is not to be on the side of the majority, but to
escape finding oneself in the ranks of the insane." -- Marcus Aurelius
