Michael Richardson writes:
> I was going through documents, and I was surprised that when we made
> RFC7296 into STD79, that we didn't include RFC4301 into STD79. (and
> maybe 4302 and 4303)

The reason STD79 only has IKEv2 is because that was the only thing that was needed. The reason we moved IKEv2 to internet standard was because certain countries suddenly said that they can't use IKEv2 because it is only a proposed standard, and they said they can only use full internet standards, and then they proposed their own key exchange mechanisms.

There were no proposals to replace ESP or AH, so there was no need to make them internet standards. IPsec architecture RFC4301 could and perhaps should have been included, but finding enough energy to work on it did not seem feasible at the time.

I think we do need to make a new version of IPsec architecture RFC4301 if we want to move it to standard track, and this will require energy that we might not have.

Moving ESP RFC4303 to internet standard most likely also requires a new version of the document, but that should be much easier, and I do not see that document needing that many changes.

I do not see the point of making AH RFC4302 an internet standard. It is not really used and it does have issues when used in the internet because of its inherent incompatibility with NATs, but on the other hand moving it to internet standard at the same time we move ESP should be quite easy.
--
kivi...@iki.fi

_______________________________________________
IPsec mailing list -- ipsec@ietf.org
To unsubscribe send an email to ipsec-le...@ietf.org