| < draft-ietf-ipsecme-ikev1-algo-to-historic-01.txt | draft-ietf-ipsecme-ikev1-algo-to-historic-02.txt > | |||
|---|---|---|---|---|
| Network P. Wouters, Ed. | Network P. Wouters, Ed. | |||
| Internet-Draft Aiven | Internet-Draft Aiven | |||
| Updates: 7296, 8221, 8247 (if approved) 27 June 2021 | Updates: 7296, 8221, 8247 (if approved) 25 October 2021 | |||
| Intended status: Standards Track | Intended status: Standards Track | |||
| Expires: 29 December 2021 | Expires: 28 April 2022 | |||
| Deprecation of IKEv1 and obsoleted algorithms | Deprecation of IKEv1 and obsoleted algorithms | |||
| draft-ietf-ipsecme-ikev1-algo-to-historic-01 | draft-ietf-ipsecme-ikev1-algo-to-historic-02 | |||
| Abstract | Abstract | |||
| Internet Key Exchange version 1 (IKEv1) is deprecated. Accordingly, | Internet Key Exchange version 1 (IKEv1) is deprecated. Accordingly, | |||
| IKEv1 has been moved to Historic status. A number of old algorithms | IKEv1 has been moved to Historic status. A number of old algorithms | |||
| that are associated with IKEv1, and not widely implemented for IKEv2 | that are associated with IKEv1, and not widely implemented for IKEv2 | |||
| are deprecated as well. This document adds a Status column to the | are deprecated as well. This document adds a Status column to the | |||
| IANA IKEv2 Transform Type registries. | IANA IKEv2 Transform Type registries. | |||
| Status of This Memo | Status of This Memo | |||
| skipping to change at page 1, line 35 ¶ | skipping to change at page 1, line 35 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on 29 December 2021. | This Internet-Draft will expire on 28 April 2022. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2021 IETF Trust and the persons identified as the | Copyright (c) 2021 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents (https://trustee.ietf.org/ | Provisions Relating to IETF Documents (https://trustee.ietf.org/ | |||
| license-info) in effect on the date of publication of this document. | license-info) in effect on the date of publication of this document. | |||
| Please review these documents carefully, as they describe your rights | Please review these documents carefully, as they describe your rights | |||
| skipping to change at page 2, line 17 ¶ | skipping to change at page 2, line 17 ¶ | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
| 2. Requirements Language . . . . . . . . . . . . . . . . . . . . 2 | 2. Requirements Language . . . . . . . . . . . . . . . . . . . . 2 | |||
| 3. RFC 2409 to Historic . . . . . . . . . . . . . . . . . . . . 3 | 3. RFC 2409 to Historic . . . . . . . . . . . . . . . . . . . . 3 | |||
| 4. IKEv1 feature equivalents for IKEv2 . . . . . . . . . . . . . 3 | 4. IKEv1 feature equivalents for IKEv2 . . . . . . . . . . . . . 3 | |||
| 4.1. IKEv2 postquantum support . . . . . . . . . . . . . . . . 4 | 4.1. IKEv2 postquantum support . . . . . . . . . . . . . . . . 4 | |||
| 4.2. IKEv2 Labeled IPsec support . . . . . . . . . . . . . . . 4 | 4.2. IKEv2 Labeled IPsec support . . . . . . . . . . . . . . . 4 | |||
| 4.3. IKEv2 Group SA / Multicast support . . . . . . . . . . . 4 | 4.3. IKEv2 Group SA / Multicast support . . . . . . . . . . . 4 | |||
| 5. Deprecating obsolete algorithms . . . . . . . . . . . . . . . 4 | 5. Deprecating obsolete algorithms . . . . . . . . . . . . . . . 4 | |||
| 6. Security Considerations . . . . . . . . . . . . . . . . . . . 4 | 6. Security Considerations . . . . . . . . . . . . . . . . . . . 4 | |||
| 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5 | 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 8. Normative References . . . . . . . . . . . . . . . . . . . . 6 | 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 6 | |||
| 8.1. Normative References . . . . . . . . . . . . . . . . . . 6 | ||||
| 8.2. Informative References . . . . . . . . . . . . . . . . . 7 | ||||
| Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 7 | Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 7 | |||
| 1. Introduction | 1. Introduction | |||
| IKEv1 [RFC2409] and its related documents for ISAKMP [RFC2408] and | IKEv1 [RFC2409] and its related documents for ISAKMP [RFC2408] and | |||
| IPsec DOI [RFC2407] were obsoleted by IKEv2 [RFC4306] in December | IPsec DOI [RFC2407] were obsoleted by IKEv2 [RFC4306] in December | |||
| 2005. The latest version of IKEv2 at the time of writing was | 2005. The latest version of IKEv2 at the time of writing was | |||
| published in 2014 in [RFC7296]. The Internet Key Exchange (IKE) | published in 2014 in [RFC7296]. The Internet Key Exchange (IKE) | |||
| version 2 has replaced version 1 over 15 years ago. IKEv2 has now | version 2 has replaced version 1 over 15 years ago. IKEv2 has now | |||
| seen wide deployment and provides a full replacement for all IKEv1 | seen wide deployment and provides a full replacement for all IKEv1 | |||
| skipping to change at page 3, line 32 ¶ | skipping to change at page 3, line 32 ¶ | |||
| running unmaintained code with its associated security risks. | running unmaintained code with its associated security risks. | |||
| * IKEv1 systems can be abused for packet amplification attacks, as | * IKEv1 systems can be abused for packet amplification attacks, as | |||
| documented in the Security Bulletin CVE-2016-5361. | documented in the Security Bulletin CVE-2016-5361. | |||
| * Great strides have been made in cryptography since IKEv1 | * Great strides have been made in cryptography since IKEv1 | |||
| development ceased. While some modern cryptographic algorithms | development ceased. While some modern cryptographic algorithms | |||
| were added to IKEv1, interoperability concerns mean that the | were added to IKEv1, interoperability concerns mean that the | |||
| defacto algorithms negotiated by IKEv1 will consist of dated or | defacto algorithms negotiated by IKEv1 will consist of dated or | |||
| deprecated algorithms like AES-CBC, SHA1, and Diffie-Hellman | deprecated algorithms like AES-CBC, SHA1, and Diffie-Hellman | |||
| groups 2 and 5. IKEv2 provides state-of-the-art suite of | groups 1 or 2. IKEv2 provides state-of-the-art suite of | |||
| cryptographic algorithms that IKEv1 lacks. | cryptographic algorithms that IKEv1 lacks. | |||
| IKEv2 is a more secure protocol than IKEv1 in every aspect. | IKEv2 is a more secure protocol than IKEv1. For example, IKEv2 | |||
| offers more modern cryptographic primitives, proper defense against | ||||
| denial of service attacks, improved authentication via EAP methods, | ||||
| PAKE support and is actively worked on with respect to defending | ||||
| against quantum computer attacks. | ||||
| IKEv1-only systems should be upgraded or replaced by systems | IKEv1-only systems should be upgraded or replaced by systems | |||
| supporting IKEv2. IKEv1 configurations SHOULD NOT be directly | supporting IKEv2. IKEv1 configurations SHOULD NOT be directly | |||
| translated to IKEv2 configurations without updating the cryptographic | translated to IKEv2 configurations without updating the cryptographic | |||
| algorithms used. | algorithms used. | |||
| 4. IKEv1 feature equivalents for IKEv2 | 4. IKEv1 feature equivalents for IKEv2 | |||
| A few notably IKEv1 features are not present in the IKEv2 core | A few notably IKEv1 features are not present in the IKEv2 core | |||
| specification [RFC7296] but are available for IKEv2 via an additional | specification [RFC7296] but are available for IKEv2 via an additional | |||
| specification: | specification: | |||
| skipping to change at page 4, line 23 ¶ | skipping to change at page 4, line 23 ¶ | |||
| 4.2. IKEv2 Labeled IPsec support | 4.2. IKEv2 Labeled IPsec support | |||
| Some IKEv1 implementations support Labeled IPsec, a method to | Some IKEv1 implementations support Labeled IPsec, a method to | |||
| negotiate an addition Security Context selector to the SPD, but this | negotiate an addition Security Context selector to the SPD, but this | |||
| method was never standarized in IKEv1. Those IKEv1 systems that | method was never standarized in IKEv1. Those IKEv1 systems that | |||
| require Labeled IPsec should migrate to an IKEv2 system supporting | require Labeled IPsec should migrate to an IKEv2 system supporting | |||
| Labeled IPsec as specified in [draft-ietf-ipsecme-labeled-ipsec]. | Labeled IPsec as specified in [draft-ietf-ipsecme-labeled-ipsec]. | |||
| 4.3. IKEv2 Group SA / Multicast support | 4.3. IKEv2 Group SA / Multicast support | |||
| In IKEv1, [RFC6407], [RFC3740], [RFC5374] define the support for | The Group Domain of Interpretation (GDOI, [RFC6407]) protocol, based | |||
| Group SA and Multicast support. For IKEv2, this work is currently in | on IKEv1 defines the support for Multicast Group SAs. For IKEv2, | |||
| progress via [draft-ietf-ipsecme-g-ikev2] | this work is currently in progress via [draft-ietf-ipsecme-g-ikev2] | |||
| 5. Deprecating obsolete algorithms | 5. Deprecating obsolete algorithms | |||
| This document deprecates the following algorithms: | This document deprecates the following algorithms: | |||
| * Encryption Algorithms: RC5, IDEA, CAST, Blowfish, and the | * Encryption Algorithms: RC5, IDEA, CAST, Blowfish, and the | |||
| unspecified 3IDEA, ENCR_DES_IV64 and ENCR_DES_IV32 | unspecified 3IDEA, ENCR_DES_IV64 and ENCR_DES_IV32 | |||
| * PRF Algorithms: the unspecified PRF_HMAC_TIGER | * PRF Algorithms: the unspecified PRF_HMAC_TIGER | |||
| skipping to change at page 6, line 18 ¶ | skipping to change at page 6, line 18 ¶ | |||
| ------ ---------------------------- ---------- | ------ ---------------------------- ---------- | |||
| 1 768-bit MODP Group DEPRECATED [RFC8247] | 1 768-bit MODP Group DEPRECATED [RFC8247] | |||
| 22 1024-bit MODP Group with | 22 1024-bit MODP Group with | |||
| 160-bit Prime Order Subgroup DEPRECATED [RFC8247] | 160-bit Prime Order Subgroup DEPRECATED [RFC8247] | |||
| Figure 4 | Figure 4 | |||
| All entries not mentioned here should receive no value in the new | All entries not mentioned here should receive no value in the new | |||
| Status field. | Status field. | |||
| 8. Normative References | 8. References | |||
| [draft-ietf-ipsecme-g-ikev2] | ||||
| Smyslov, V. and B. Weis, "Group Key Management using | ||||
| IKEv2", Work in Progress, Internet-Draft, draft-ietf- | ||||
| ipsecme-labeled-ipsec, 11 January 2021, | ||||
| <https://tools.ietf.org/id/draft-ietf-ipsecme-labeled- | ||||
| ipsec-02.txt>. | ||||
| [draft-ietf-ipsecme-labeled-ipsec] | 8.1. Normative References | |||
| Wouters, P. and S. Prasad, "Labeled IPsec Traffic Selector | ||||
| support for IKEv2", Work in Progress, Internet-Draft, | ||||
| draft-ietf-ipsecme-labeled-ipsec, 4 May 2021, | ||||
| <https://tools.ietf.org/id/draft-ietf-ipsecme-labeled- | ||||
| ipsec-05.txt>. | ||||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, | Requirement Levels", BCP 14, RFC 2119, | |||
| DOI 10.17487/RFC2119, March 1997, | DOI 10.17487/RFC2119, March 1997, | |||
| <https://www.rfc-editor.org/info/rfc2119>. | <https://www.rfc-editor.org/info/rfc2119>. | |||
| [RFC2407] Piper, D., "The Internet IP Security Domain of | [RFC2407] Piper, D., "The Internet IP Security Domain of | |||
| Interpretation for ISAKMP", RFC 2407, | Interpretation for ISAKMP", RFC 2407, | |||
| DOI 10.17487/RFC2407, November 1998, | DOI 10.17487/RFC2407, November 1998, | |||
| <https://www.rfc-editor.org/info/rfc2407>. | <https://www.rfc-editor.org/info/rfc2407>. | |||
| [RFC2408] Maughan, D., Schertler, M., Schneider, M., and J. Turner, | [RFC2408] Maughan, D., Schertler, M., Schneider, M., and J. Turner, | |||
| "Internet Security Association and Key Management Protocol | "Internet Security Association and Key Management Protocol | |||
| (ISAKMP)", RFC 2408, DOI 10.17487/RFC2408, November 1998, | (ISAKMP)", RFC 2408, DOI 10.17487/RFC2408, November 1998, | |||
| <https://www.rfc-editor.org/info/rfc2408>. | <https://www.rfc-editor.org/info/rfc2408>. | |||
| [RFC2409] Harkins, D. and D. Carrel, "The Internet Key Exchange | [RFC2409] Harkins, D. and D. Carrel, "The Internet Key Exchange | |||
| (IKE)", RFC 2409, DOI 10.17487/RFC2409, November 1998, | (IKE)", RFC 2409, DOI 10.17487/RFC2409, November 1998, | |||
| <https://www.rfc-editor.org/info/rfc2409>. | <https://www.rfc-editor.org/info/rfc2409>. | |||
| [RFC3740] Hardjono, T. and B. Weis, "The Multicast Group Security | ||||
| Architecture", RFC 3740, DOI 10.17487/RFC3740, March 2004, | ||||
| <https://www.rfc-editor.org/info/rfc3740>. | ||||
| [RFC4306] Kaufman, C., Ed., "Internet Key Exchange (IKEv2) | [RFC4306] Kaufman, C., Ed., "Internet Key Exchange (IKEv2) | |||
| Protocol", RFC 4306, DOI 10.17487/RFC4306, December 2005, | Protocol", RFC 4306, DOI 10.17487/RFC4306, December 2005, | |||
| <https://www.rfc-editor.org/info/rfc4306>. | <https://www.rfc-editor.org/info/rfc4306>. | |||
| [RFC5374] Weis, B., Gross, G., and D. Ignjatic, "Multicast | ||||
| Extensions to the Security Architecture for the Internet | ||||
| Protocol", RFC 5374, DOI 10.17487/RFC5374, November 2008, | ||||
| <https://www.rfc-editor.org/info/rfc5374>. | ||||
| [RFC6407] Weis, B., Rowles, S., and T. Hardjono, "The Group Domain | [RFC6407] Weis, B., Rowles, S., and T. Hardjono, "The Group Domain | |||
| of Interpretation", RFC 6407, DOI 10.17487/RFC6407, | of Interpretation", RFC 6407, DOI 10.17487/RFC6407, | |||
| October 2011, <https://www.rfc-editor.org/info/rfc6407>. | October 2011, <https://www.rfc-editor.org/info/rfc6407>. | |||
| [RFC7296] Kaufman, C., Hoffman, P., Nir, Y., Eronen, P., and T. | [RFC7296] Kaufman, C., Hoffman, P., Nir, Y., Eronen, P., and T. | |||
| Kivinen, "Internet Key Exchange Protocol Version 2 | Kivinen, "Internet Key Exchange Protocol Version 2 | |||
| (IKEv2)", STD 79, RFC 7296, DOI 10.17487/RFC7296, October | (IKEv2)", STD 79, RFC 7296, DOI 10.17487/RFC7296, October | |||
| 2014, <https://www.rfc-editor.org/info/rfc7296>. | 2014, <https://www.rfc-editor.org/info/rfc7296>. | |||
| [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | |||
| skipping to change at page 7, line 48 ¶ | skipping to change at page 7, line 26 ¶ | |||
| for the Internet Key Exchange Protocol Version 2 (IKEv2)", | for the Internet Key Exchange Protocol Version 2 (IKEv2)", | |||
| RFC 8247, DOI 10.17487/RFC8247, September 2017, | RFC 8247, DOI 10.17487/RFC8247, September 2017, | |||
| <https://www.rfc-editor.org/info/rfc8247>. | <https://www.rfc-editor.org/info/rfc8247>. | |||
| [RFC8784] Fluhrer, S., Kampanakis, P., McGrew, D., and V. Smyslov, | [RFC8784] Fluhrer, S., Kampanakis, P., McGrew, D., and V. Smyslov, | |||
| "Mixing Preshared Keys in the Internet Key Exchange | "Mixing Preshared Keys in the Internet Key Exchange | |||
| Protocol Version 2 (IKEv2) for Post-quantum Security", | Protocol Version 2 (IKEv2) for Post-quantum Security", | |||
| RFC 8784, DOI 10.17487/RFC8784, June 2020, | RFC 8784, DOI 10.17487/RFC8784, June 2020, | |||
| <https://www.rfc-editor.org/info/rfc8784>. | <https://www.rfc-editor.org/info/rfc8784>. | |||
| 8.2. Informative References | ||||
| [draft-ietf-ipsecme-g-ikev2] | ||||
| Smyslov, V. and B. Weis, "Group Key Management using | ||||
| IKEv2", Work in Progress, Internet-Draft, draft-ietf- | ||||
| ipsecme-g-ikev2, 11 January 2021, | ||||
| <https://www.ietf.org/archive/id/draft-ietf-ipsecme- | ||||
| g-ikev2-03.txt>. | ||||
| [draft-ietf-ipsecme-labeled-ipsec] | ||||
| Wouters, P. and S. Prasad, "Labeled IPsec Traffic Selector | ||||
| support for IKEv2", Work in Progress, Internet-Draft, | ||||
| draft-ietf-ipsecme-labeled-ipsec, 25 October 2021, | ||||
| <https://tools.ietf.org/id/draft-ietf-ipsecme-labeled- | ||||
| ipsec-06.txt>. | ||||
| Author's Address | Author's Address | |||
| Paul Wouters (editor) | Paul Wouters (editor) | |||
| Aiven | Aiven | |||
| Email: paul@nohats.ca | ||||
| Email: paul.wouters@aiven.io | ||||
| End of changes. 14 change blocks. | ||||
| 33 lines changed or deleted | 35 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||