idnits 2.17.1

draft-pwouters-ikev1-ipsec-graveyard-02.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  -- The draft header indicates that this document updates RFC8247, but the
     abstract doesn't seem to mention this, which it should.

  -- The draft header indicates that this document updates RFC7296, but the
     abstract doesn't seem to mention this, which it should.

  -- The draft header indicates that this document updates RFC8221, but the
     abstract doesn't seem to mention this, which it should.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (November 20, 2019) is 1617 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  ** Obsolete normative reference: RFC 2407 (Obsoleted by RFC 4306)

  ** Obsolete normative reference: RFC 2408 (Obsoleted by RFC 4306)

  ** Obsolete normative reference: RFC 2409 (Obsoleted by RFC 4306)

  ** Obsolete normative reference: RFC 4306 (Obsoleted by RFC 5996)

     Summary: 4 errors (**), 0 flaws (~~), 1 warning (==), 4 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.
--------------------------------------------------------------------------------

Network                                                  P. Wouters, Ed.
Internet-Draft                                                   Red Hat
Updates: 7296,8221,8247 (if approved)                  November 20, 2019
Intended status: Standards Track
Expires: May 23, 2020

             Deprecation of IKEv1 and obsoleted algorithms
                draft-pwouters-ikev1-ipsec-graveyard-02

Abstract

   This document deprecates Internet Key Exchange version 1 (IKEv1) and
   additionally deprecates a number of algorithms that are obsolete.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on May 23, 2020.

Copyright Notice

   Copyright (c) 2019 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Requirements Language
   3.  Deprecating IKEv1
   4.  Deprecating obsolete algorithms
   5.  Security Considerations
   6.  IANA Considerations
   7.  References
     7.1.  Normative References
     7.2.  Informative References
   Author's Address

1.  Introduction

   IKEv1 [RFC2409] and its related documents for ISAKMP [RFC2408] and
   IPsec DOI [RFC2407] were obsoleted by IKEv2 [RFC4306] in December
   2005.  The latest version of IKEv2 at the time of writing was
   published in 2014 in [RFC7296].  The Internet Key Exchange (IKE)
   version 2 replaced version 1 over 15 years ago.  IKEv2 has now
   seen wide deployment and provides a full replacement for all IKEv1
   functionality.  No new modifications or new algorithms have been
   accepted for IKEv1 for at least a decade.  IKEv2 addresses various
   issues present in IKEv1, such as IKEv1 being vulnerable to
   amplification attacks.  This document specifies the deprecation of
   IKEv1, and requests IANA to close all IKEv1 registries.  IKEv1 MUST
   NOT be deployed.

   Algorithm implementation requirements and usage guidelines for IKEv2
   [RFC8247] and ESP/AH [RFC8223] give guidance to implementors but
   limit that guidance to avoiding broken or weak algorithms.  They do
   not deprecate algorithms that have aged and are no longer in use, but
   leave these algorithms in a state of "MAY be used".  This document
   deprecates those algorithms that are no longer advised but for which
   there are no known attacks resulting in their earlier deprecation.

2.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

3.  Deprecating IKEv1

   IKEv1 is deprecated and MUST NOT be deployed.  Systems running IKEv1
   should be upgraded and reconfigured to run IKEv2.  Systems that
   support IKEv1 but not IKEv2 are most likely also unsuitable
   candidates for continued operation.  Such unsupported systems have a
   much higher chance of containing an implementation vulnerability that
   will never be patched.  IKEv1 systems can be abused for packet
   amplification attacks.  IKEv1 systems most likely do not support
   modern algorithms such as AES-GCM or CHACHA20_POLY1305 and quite
   often only support or have been configured to use the very weak
   Diffie-Hellman Groups 2 and 5.  IKEv1 systems must be upgraded or
   replaced by IKEv2 systems.

   IKEv1 and its way of using Preshared Keys (PSKs) protects against
   quantum computer based attacks.  IKEv2 updated its use of PSK to
   improve the error reporting, but at the expense of post-quantum
   security.  If post-quantum security is required, these systems should
   be migrated to use IKEv2 Postquantum Preshared Keys (PPK)
   [draft-ietf-ipsecme-qr-ikev2].

   Some IKEv1 implementations support Labeled IPsec, a method to
   negotiate an additional Security Context selector to the SPD, but this
   method was never standardized in IKEv1.  Those IKEv1 systems that
   require Labeled IPsec should migrate to an IKEv2 system supporting
   Labeled IPsec as specified in [draft-ietf-ipsecme-labeled-ipsec].

   EDITOR NOTE: This document is expected to be released only after the
   PPK draft has become an RFC.  While the same could be said for
   Labeled IPsec, there is no IKEv1 RFC that specifies Labeled IPsec, so
   pointing to a draft here does not demote a reference from RFC to a
   draft.

4.  Deprecating obsolete algorithms

   This document deprecates the following algorithms:

   o  Encryption Algorithms: RC5, IDEA, CAST, Blowfish, and the
      unspecified 3IDEA, ENCR_DES_IV64 and ENCR_DES_IV32

   o  PRF Algorithms: the unspecified PRF_HMAC_TIGER

   o  Integrity Algorithms: HMAC-MD5-128

   o  Diffie-Hellman groups: none

5.  Security Considerations

   Deprecating IKEv1 in favor of IKEv2 brings only security benefits.

   The deprecated algorithms have long been in disuse and are no longer
   actively deployed or researched.  They present an unknown security
   risk that is best avoided.  Additionally, not supporting these
   algorithms simplifies implementations and reduces the accidental use
   of these deprecated algorithms through misconfiguration or downgrade
   attacks.

6.  IANA Considerations

   This document instructs IANA to mark all IKEv1 registries as
   DEPRECATED.

   Additionally, this document instructs IANA to add an additional
   Status column to the IKEv2 Transform Type registries and mark the
   following entries as DEPRECATED:

   Transform Type 1 - Encryption Algorithm IDs

     Number    Name               Status
     ------    ---------------    ------
      1        ENCR_DES_IV64      DEPRECATED [this document]
      2        ENCR_DES           DEPRECATED [RFC8247]
      4        ENCR_RC5           DEPRECATED [this document]
      5        ENCR_IDEA          DEPRECATED [this document]
      6        ENCR_CAST          DEPRECATED [this document]
      7        ENCR_BLOWFISH      DEPRECATED [this document]
      8        ENCR_3IDEA         DEPRECATED [this document]
      9        ENCR_DES_IV32      DEPRECATED [this document]

                                Figure 1

   Transform Type 2 - Pseudorandom Function Transform IDs

     Number    Name               Status
     ------    ------------       ----------
      1        PRF_HMAC_MD5       DEPRECATED [RFC8247]
      1        PRF_HMAC_TIGER     DEPRECATED [this document]

                                Figure 2

   Transform Type 3 - Integrity Algorithm Transform IDs

     Number    Name                  Status
     ------    -----------------     ----------
      1        AUTH_HMAC_MD5_96      DEPRECATED [RFC8247]
      3        AUTH_DES_MAC          DEPRECATED [RFC8247]
      4        AUTH_KPDK_MD5         DEPRECATED [RFC8247]
      6        AUTH_HMAC_MD5_128     DEPRECATED [this document]
      7        AUTH_HMAC_SHA1_160    DEPRECATED [this document]

                                Figure 3

   Transform Type 4 - Diffie Hellman Group Transform IDs

     Number    Name                            Status
     ------    ----------------------------    ----------
      1        768-bit MODP Group              DEPRECATED [RFC8247]
      22       1024-bit MODP Group with
               160-bit Prime Order Subgroup    DEPRECATED [RFC8247]

                                Figure 4

   All entries not mentioned here should receive no value in the new
   Status field.

   This document instructs IANA to close and mark as obsolete the
   Internet Key Exchange (IKE) Attributes registries as well as the
   "Magic Numbers" for ISAKMP Protocol registries.

7.  References

7.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC2407]  Piper, D., "The Internet IP Security Domain of
              Interpretation for ISAKMP", RFC 2407,
              DOI 10.17487/RFC2407, November 1998.

   [RFC2408]  Maughan, D., Schertler, M., Schneider, M., and J. Turner,
              "Internet Security Association and Key Management Protocol
              (ISAKMP)", RFC 2408, DOI 10.17487/RFC2408, November 1998.

   [RFC2409]  Harkins, D. and D. Carrel, "The Internet Key Exchange
              (IKE)", RFC 2409, DOI 10.17487/RFC2409, November 1998.

   [RFC4306]  Kaufman, C., Ed., "Internet Key Exchange (IKEv2)
              Protocol", RFC 4306, DOI 10.17487/RFC4306, December 2005.

   [RFC7296]  Kaufman, C., Hoffman, P., Nir, Y., Eronen, P., and T.
              Kivinen, "Internet Key Exchange Protocol Version 2
              (IKEv2)", STD 79, RFC 7296, DOI 10.17487/RFC7296, October
              2014.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

   [RFC8223]  Esale, S., Torvi, R., Jalil, L., Chunduri, U., and K.
              Raza, "Application-Aware Targeted LDP", RFC 8223,
              DOI 10.17487/RFC8223, August 2017.

   [RFC8247]  Nir, Y., Kivinen, T., Wouters, P., and D. Migault,
              "Algorithm Implementation Requirements and Usage Guidance
              for the Internet Key Exchange Protocol Version 2 (IKEv2)",
              RFC 8247, DOI 10.17487/RFC8247, September 2017.

7.2.  Informative References

   [draft-ietf-ipsecme-labeled-ipsec]
              Wouters, P. and S. Prasad, "Labeled IPsec Traffic Selector
              support for IKEv2", draft-ietf-ipsecme-labeled-ipsec (work
              in progress), March 2019.

   [draft-ietf-ipsecme-qr-ikev2]
              Fluhrer, S., McGrew, D., Kampanakis, P., and V. Smyslov,
              "Postquantum Preshared Keys for IKEv2", draft-ietf-
              ipsecme-qr-ikev2 (work in progress), March 2019.

Author's Address

   Paul Wouters (editor)
   Red Hat

   Email: pwouters@redhat.com
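
Added example (not part of the draft or of any implementation it describes): one way to audit a captured IKE message against Section 3 and Figures 1-4, by reading the major version from the IKE header and walking the IKEv2 SA payload's transforms. It assumes the header, proposal and transform layouts of RFC 7296; audit_ike, audit_sa and SAMPLE are names made up here, SAMPLE is constructed, and PRF_HMAC_TIGER is entered under its IANA number 3 although Figure 2 prints it as 1.

```python
import struct

# Transform Type -> deprecated Transform IDs, copied from Figures 1-4.
# Assumption: PRF_HMAC_TIGER is entered as 3 (IANA registry); Figure 2 prints 1.
DEPRECATED = {1: {1, 2, 4, 5, 6, 7, 8, 9}, 2: {1, 3}, 3: {1, 3, 4, 6, 7}, 4: {1, 22}}
SA_PAYLOAD = 33  # Security Association payload type in RFC 7296

def audit_sa(body):
    """Walk the proposal and transform substructures of one SA payload body."""
    findings, off = [], 0
    while off + 8 <= len(body):
        _, _, p_len, p_num, _, spi_size, _ = struct.unpack_from("!BBHBBBB", body, off)
        if p_len < 8 or off + p_len > len(body):
            return findings + ["malformed proposal length"]
        t_off, end = off + 8 + spi_size, off + p_len
        while t_off + 8 <= end:
            _, _, t_len, t_type, _, t_id = struct.unpack_from("!BBHBBH", body, t_off)
            if t_len < 8:
                return findings + ["malformed transform length"]
            if t_id in DEPRECATED.get(t_type, ()):
                findings.append(f"proposal {p_num}: deprecated type {t_type} id {t_id}")
            t_off += t_len  # also skips attributes such as Key Length
        off = end
    return findings

def audit_ike(msg):
    """Return a list of findings for one IKE message (the UDP/500 payload)."""
    if len(msg) < 28:
        return ["truncated IKE header"]
    next_payload, major = msg[16], msg[17] >> 4  # version byte: major in high nibble
    if major == 1:
        return ["IKEv1 message"]
    if major != 2:
        return [f"unknown IKE major version {major}"]
    findings, off = [], 28
    while next_payload and off + 4 <= len(msg):
        following, _, p_len = struct.unpack_from("!BBH", msg, off)
        if p_len < 4 or off + p_len > len(msg):
            return findings + ["malformed payload length"]
        if next_payload == SA_PAYLOAD:
            findings += audit_sa(msg[off + 4:off + p_len])
        next_payload, off = following, off + p_len
    return findings

# Constructed IKE_SA_INIT carrying only an SA payload: one proposal offering
# ENCR_BLOWFISH, ENCR_AES_CBC-256, PRF_HMAC_SHA2_256, AUTH_HMAC_MD5_96, group 14.
SAMPLE = bytes.fromhex(
    "0102030405060708" "0000000000000000" "21202208" "00000000" "00000054"
    "00000038" "0000003401010005" "0300000801000007" "0300000c0100000c800e0100"
    "0300000802000005" "0300000803000001" "000000080400000e")
```

Calling audit_ike(SAMPLE) reports the Blowfish and HMAC-MD5-96 transforms; the same bytes with the version octet set to 0x10 are reported as IKEv1.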