Re: [IPsec] [ipsecme] #114: Expired drafts, especially BEET

To: "Frankel, Sheila E." <sheila.frankel at nist.gov>
Subject: Re: [IPsec] [ipsecme] #114: Expired drafts, especially BEET
From: Tero Kivinen <kivinen at iki.fi>
Date: Wed, 28 Oct 2009 14:11:17 +0200
Cc: "ipsec at ietf.org" <ipsec at ietf.org>, Paul Hoffman <paul.hoffman at vpnc.org>, "suresh.krishnan at ericsson.com" <suresh.krishnan at ericsson.com>
Delivered-to: ipsec at core3.amsl.com
In-reply-to: <D7A0423E5E193F40BE6E94126930C4930789878B75 at MBCLUSTER.xchange.nist.gov>
List-archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-help: <mailto:ipsec-request@ietf.org?subject=help>
List-id: Discussion of IPsec protocols <ipsec.ietf.org>
List-post: <mailto:ipsec@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
References: <063.783474ea3d34b716e39da24271b27cac at tools.ietf.org> <D7A0423E5E193F40BE6E94126930C4930789878B75 at MBCLUSTER.xchange.nist.gov>

Frankel, Sheila E. writes:
> 2) Add text to the introductory section for IKEv1, Section 4.1.1:
> 
> Additional text:
...
> Two Internet Drafts were written to address these problems: Extended
> Authentication withn IKE (XAUTH) (draft-beaulieu-ike-xauth) and The
		     ^
within

> ISAKMP Configuration Method (draft-dukes-ike-mode-cfg).  These
> drafts did not progress to RFC status due to security flaws and
> other problems related to these solutions. However, many current
> IKEv1 implementations incorporate aspects of these solutions to
> facilitate remote user access to corporate VPNs. Since these
> solutions were not standardized, there is no assurance that the
> implementations adhere fully to the suggested solutions, or that one
> implementation can interoperate with others that claim to
> incorporate the same features. Furthermore, these solutions have
> know security issues. Thus, use of these solutions is not
> recommended, and these Internet Drafts are not specified in this
> roadmap.

I wonder if we should also say that different implementations took
different versions of the drafts (and their predecessors
draft-ietf-ipsra-isakmp-xauth and draft-ietf-ipsec-isakmp-mode-cfg)
and those different versions are NOT necessarely interoperable which
each other.

Actually listing also those predecessor drafts might be good idea as
implementations done before year 2000 mostly refer to them, and we are
talking about old expired drafts to obsoleted protocol, so most likely
people using them are not from this centrury :-)
-- 
kivinen at iki.fi

References:
- Re: [IPsec] [ipsecme] #114: Expired drafts, especially BEET
  - From: Frankel, Sheila E.

Prev by Date: Re: [IPsec] [ipsecme] #111: Can IKEv1 negotiate combined algorithms to be used by IPsec-v3?
Next by Date: Re: [IPsec] [ipsecme] #115: Camellia req levels for IKEv2
Previous by thread: Re: [IPsec] [ipsecme] #114: Expired drafts, especially BEET
Next by thread: Re: [IPsec] [ipsecme] #115: Camellia req levels for IKEv2
Index(es):
- Date
- Thread

Re: [IPsec] [ipsecme] #114: Expired drafts, especially BEET

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.