idnits 2.17.1 draft-pwouters-ikev1-ipsec-graveyard-04.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- -- The draft header indicates that this document updates RFC8247, but the abstract doesn't seem to mention this, which it should. -- The draft header indicates that this document updates RFC7296, but the abstract doesn't seem to mention this, which it should. -- The draft header indicates that this document updates RFC8221, but the abstract doesn't seem to mention this, which it should. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == The document doesn't use any RFC 2119 keywords, yet seems to have RFC 2119 boilerplate text. -- The document date (December 30, 2019) is 1578 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Obsolete normative reference: RFC 2407 (Obsoleted by RFC 4306) ** Obsolete normative reference: RFC 2408 (Obsoleted by RFC 4306) ** Obsolete normative reference: RFC 2409 (Obsoleted by RFC 4306) ** Obsolete normative reference: RFC 4306 (Obsoleted by RFC 5996) Summary: 4 errors (**), 0 flaws (~~), 2 warnings (==), 4 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network P. Wouters, Ed. 3 Internet-Draft Red Hat 4 Updates: 7296,8221,8247 (if approved) December 30, 2019 5 Intended status: Standards Track 6 Expires: July 2, 2020 8 Deprecation of IKEv1 and obsoleted algorithms 9 draft-pwouters-ikev1-ipsec-graveyard-04 11 Abstract 13 Internet Key Exchange version 1 (IKEv1) is deprecated. Accordingly, 14 IKEv1 has been moved to Historic status. A number of old algorithms 15 that are associated with IKEv1, and not widely implemented for IKEv2 16 are deprecated as well. IANA is instructed to close all IKEv1 17 registries. 19 Status of This Memo 21 This Internet-Draft is submitted in full conformance with the 22 provisions of BCP 78 and BCP 79. 24 Internet-Drafts are working documents of the Internet Engineering 25 Task Force (IETF). Note that other groups may also distribute 26 working documents as Internet-Drafts. The list of current Internet- 27 Drafts is at https://datatracker.ietf.org/drafts/current/. 29 Internet-Drafts are draft documents valid for a maximum of six months 30 and may be updated, replaced, or obsoleted by other documents at any 31 time. It is inappropriate to use Internet-Drafts as reference 32 material or to cite them other than as "work in progress." 34 This Internet-Draft will expire on July 2, 2020. 36 Copyright Notice 38 Copyright (c) 2019 IETF Trust and the persons identified as the 39 document authors. All rights reserved. 41 This document is subject to BCP 78 and the IETF Trust's Legal 42 Provisions Relating to IETF Documents 43 (https://trustee.ietf.org/license-info) in effect on the date of 44 publication of this document. Please review these documents 45 carefully, as they describe your rights and restrictions with respect 46 to this document. Code Components extracted from this document must 47 include Simplified BSD License text as described in Section 4.e of 48 the Trust Legal Provisions and are provided without warranty as 49 described in the Simplified BSD License. 51 Table of Contents 53 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 54 2. Requirements Language . . . . . . . . . . . . . . . . . . . . 2 55 3. RFC 2409 to Historic . . . . . . . . . . . . . . . . . . . . 3 56 4. Deprecating obsolete algorithms . . . . . . . . . . . . . . . 3 57 5. Security Considerations . . . . . . . . . . . . . . . . . . . 4 58 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 4 59 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 5 60 7.1. Normative References . . . . . . . . . . . . . . . . . . 5 61 7.2. Informative References . . . . . . . . . . . . . . . . . 6 62 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 7 64 1. Introduction 66 IKEv1 [RFC2409] and its related documents for ISAKMP [RFC2408] and 67 IPsec DOI [RFC2407] were obsoleted by IKEv2 [RFC4306] in December 68 2005. The latest version of IKEv2 at the time of writing was 69 published in 2014 in [RFC7296]. The Internet Key Exchange (IKE) 70 version 2 has replaced version 1 over 15 years ago. IKEv2 has now 71 seen wide deployment and provides a full replacement for all IKEv1 72 functionality. No new modifications or new algorithms have been 73 accepted for IKEv1 for at least a decade. IKEv2 addresses various 74 issues present in IKEv1, such as IKEv1 being vulnerable to 75 amplification attacks. IKEv1 has been moved to Historic status, and 76 this document requests IANA to close all IKEv1 registries. 78 Algorithm implementation requirements and usage guidelines for IKEv2 79 [RFC8247] and ESP/AH [RFC8223] gives guidance to implementors but 80 limits that guidance to avoid broken or weak algorithms. It does not 81 deprecate algorithms that have aged and are not in use, but leave 82 these algorithms in a state of "MAY be used". This document 83 deprecates those algorithms that are no longer advised but for which 84 there are no known attacks resulting in their earlier deprecation. 86 2. Requirements Language 88 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 89 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 90 "OPTIONAL" in this document are to be interpreted as described in BCP 91 14 [RFC2119] [RFC8174] when, and only when, they appear in all 92 capitals, as shown here. 94 3. RFC 2409 to Historic 96 IKEv1 is deprecated. Systems running IKEv1 should be upgraded and 97 reconfigured to run IKEv2. Systems that support IKEv1 but not IKEv2 98 are most likely also unsuitable candidates for continued operation. 99 Such unsupported systems have a much higher chance of containing an 100 implementation vulnerability that will never be patched. IKEv1 101 systems can be abused for packet amplification attacks. IKEv1 102 systems most likely do not support modern algorithms such as AES-GCM 103 or CHACHA20_POLY1305 and quite often only support or have been 104 configured to use the very weak Diffie-Hellman Groups 2 and 5. IKEv1 105 systems should be upgraded or replaced by IKEv2 systems. 107 IKEv1 and its way of using Preshared Keys (PSKs) protects against 108 quantum computer based attacks. IKEv2 updated its use of PSK to 109 improve the error reporting, but at the expense of post-quantum 110 security. If post-quantum security is required, these systems should 111 be migrated to use IKEv2 Postquantum Preshared Keys (PPK) 112 [draft-ietf-ipsecme-qr-ikev2]. 114 Some IKEv1 implementations support Labeled IPsec, a method to 115 negotiate an addition Security Context selector to the SPD, but this 116 method was never standarized in IKEv1. Those IKEv1 systems that 117 require Labeled IPsec should migrate to an IKEv2 system supporting 118 Labeled IPsec as specified in [draft-ietf-ipsecme-labeled-ipsec]. 120 EDITOR NOTE: This document is expected to be released only after the 121 PPK draft has become an RFC. While the same could be said for 122 Labeled IPsec, there is no IKEv1 RFC that specifies Labeled IPsec, so 123 pointing to a draft here does not demote a reference from RFC to a 124 draft. 126 4. Deprecating obsolete algorithms 128 This document deprecates the following algorithms: 130 o Encryption Algorithms: RC5, IDEA, CAST, Blowfish, and the 131 unspecified 3IDEA, ENCR_DES_IV64 and ENCR_DES_IV32 133 o PRF Algorithms: the unspecified PRF_HMAC_TIGER 135 o Integrity Algorithms: HMAC-MD5-128 137 o Diffie-Hellman groups: none 139 5. Security Considerations 141 There are only security benefits by deprecating IKEv1 for IKEv2. 143 The deprecated algorithms have long been in disuse and are no longer 144 actively deployed or researched. It presents an unknown security 145 risk that is best avoided. Additionally, these algorithms not being 146 supported in implementations simplifies those implementations and 147 reduces the accidental use of these deprecated algorithms through 148 misconfiguration or downgrade attacks. 150 6. IANA Considerations 152 This document instructs IANA to mark all IKEv1 registries as 153 DEPRECATED. 155 Additionally, this document instructs IANA to add an additional 156 Status column to the IKEv2 Transform Type registries and mark the 157 following entries as DEPRECATED: 159 Transform Type 1 - Encryption Algorithm IDs 161 Number Name Status 162 ------ --------------- ------ 163 1 ENCR_DES_IV64 DEPRECATED [this document] 164 2 ENCR_DES DEPRECATED [RFC8247] 165 4 ENCR_RC5 DEPRECATED [this document] 166 5 ENCR_IDEA DEPRECATED [this document] 167 6 ENCR_CAST DEPRECATED [this document] 168 7 ENCR_BLOWFISH DEPRECATED [this document] 169 8 ENCR_3IDEA DEPRECATED [this document] 170 9 ENCR_DES_IV32 DEPRECATED [this document] 172 Figure 1 174 Transform Type 2 - Pseudorandom Function Transform IDs 176 Number Name Status 177 ------ ------------ ---------- 178 1 PRF_HMAC_MD5 DEPRECATED [RFC8247] 179 1 PRF_HMAC_TIGER DEPRECATED [this document] 181 Figure 2 183 Transform Type 3 - Integrity Algorithm Transform IDs 185 Number Name Status 186 ------ ----------------- ---------- 187 1 AUTH_HMAC_MD5_96 DEPRECATED [RFC8247] 188 3 AUTH_DES_MAC DEPRECATED [RFC8247] 189 4 AUTH_KPDK_MD5 DEPRECATED [RFC8247] 190 6 AUTH_HMAC_MD5_128 DEPRECATED [this document] 191 7 AUTH_HMAC_SHA1_160 DEPRECATED [this document] 193 Figure 3 195 Transform Type 4 - Diffie Hellman Group Transform IDs 197 Number Name Status 198 ------ ---------------------------- ---------- 199 1 768-bit MODP Group DEPRECATED [RFC8247] 200 22 1024-bit MODP Group with 201 160-bit Prime Order Subgroup DEPRECATED [RFC8247] 203 Figure 4 205 All entries not mentioned here should receive no value in the new 206 Status field. 208 This document instructs IANA to close and mark as obsolete the 209 Internet Key Exchange (IKE) Attributes registries as well as the 210 "Magic Numbers" for ISAKMP Protocol registries. 212 The IESG is requested to designate IKEv1 to Historic. 214 7. References 216 7.1. Normative References 218 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 219 Requirement Levels", BCP 14, RFC 2119, 220 DOI 10.17487/RFC2119, March 1997, 221 . 223 [RFC2407] Piper, D., "The Internet IP Security Domain of 224 Interpretation for ISAKMP", RFC 2407, 225 DOI 10.17487/RFC2407, November 1998, 226 . 228 [RFC2408] Maughan, D., Schertler, M., Schneider, M., and J. Turner, 229 "Internet Security Association and Key Management Protocol 230 (ISAKMP)", RFC 2408, DOI 10.17487/RFC2408, November 1998, 231 . 233 [RFC2409] Harkins, D. and D. Carrel, "The Internet Key Exchange 234 (IKE)", RFC 2409, DOI 10.17487/RFC2409, November 1998, 235 . 237 [RFC4306] Kaufman, C., Ed., "Internet Key Exchange (IKEv2) 238 Protocol", RFC 4306, DOI 10.17487/RFC4306, December 2005, 239 . 241 [RFC7296] Kaufman, C., Hoffman, P., Nir, Y., Eronen, P., and T. 242 Kivinen, "Internet Key Exchange Protocol Version 2 243 (IKEv2)", STD 79, RFC 7296, DOI 10.17487/RFC7296, October 244 2014, . 246 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 247 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 248 May 2017, . 250 [RFC8223] Esale, S., Torvi, R., Jalil, L., Chunduri, U., and K. 251 Raza, "Application-Aware Targeted LDP", RFC 8223, 252 DOI 10.17487/RFC8223, August 2017, 253 . 255 [RFC8247] Nir, Y., Kivinen, T., Wouters, P., and D. Migault, 256 "Algorithm Implementation Requirements and Usage Guidance 257 for the Internet Key Exchange Protocol Version 2 (IKEv2)", 258 RFC 8247, DOI 10.17487/RFC8247, September 2017, 259 . 261 7.2. Informative References 263 [draft-ietf-ipsecme-labeled-ipsec] 264 Wouters, P. and S. Prasad, "Labeled IPsec Traffic Selector 265 support for IKEv2", draft-ietf-ipsecme-labeled-ipsec (work 266 in progress), March 2019. 268 [draft-ietf-ipsecme-qr-ikev2] 269 Fluhrer, S., McGre, D., Kampanakis, P., and V. Smyslov, 270 "Postquantum Preshared Keys for IKEv2", draft-ietf- 271 ipsecme-qr-ikev2 (work in progress), March 2019. 273 Author's Address 275 Paul Wouters (editor) 276 Red Hat 278 Email: pwouters@redhat.com