idnits 2.17.1

draft-pwouters-ikev1-ipsec-graveyard-06.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  -- The draft header indicates that this document updates RFC8247, but the
     abstract doesn't seem to mention this, which it should.

  -- The draft header indicates that this document updates RFC7296, but the
     abstract doesn't seem to mention this, which it should.

  -- The draft header indicates that this document updates RFC8221, but the
     abstract doesn't seem to mention this, which it should.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == The document doesn't use any RFC 2119 keywords, yet seems to have RFC
     2119 boilerplate text.

  -- The document date (February 21, 2021) is 1152 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  ** Obsolete normative reference: RFC 2407 (Obsoleted by RFC 4306)

  ** Obsolete normative reference: RFC 2408 (Obsoleted by RFC 4306)

  ** Obsolete normative reference: RFC 2409 (Obsoleted by RFC 4306)

  ** Obsolete normative reference: RFC 4306 (Obsoleted by RFC 5996)

     Summary: 4 errors (**), 0 flaws (~~), 2 warnings (==), 4 comments (--).
     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

Network                                                  P. Wouters, Ed.
Internet-Draft                                                   Red Hat
Updates: 7296,8221,8247 (if approved)                  February 21, 2021
Intended status: Standards Track
Expires: August 25, 2021


             Deprecation of IKEv1 and obsoleted algorithms
                draft-pwouters-ikev1-ipsec-graveyard-06

Abstract

   Internet Key Exchange version 1 (IKEv1) is deprecated.  Accordingly,
   IKEv1 has been moved to Historic status.  A number of old algorithms
   that are associated with IKEv1, and not widely implemented for IKEv2,
   are deprecated as well.  IANA is instructed to close all IKEv1
   registries.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on August 25, 2021.

Copyright Notice

   Copyright (c) 2021 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Requirements Language
   3.  RFC 2409 to Historic
   4.  Deprecating obsolete algorithms
   5.  Security Considerations
   6.  IANA Considerations
   7.  References
     7.1.  Normative References
     7.2.  Informative References
   Author's Address

1.  Introduction

   IKEv1 [RFC2409] and its related documents for ISAKMP [RFC2408] and
   IPsec DOI [RFC2407] were obsoleted by IKEv2 [RFC4306] in December
   2005.  The latest version of IKEv2 at the time of writing was
   published in 2014 in [RFC7296].  The Internet Key Exchange (IKE)
   version 2 replaced version 1 over 15 years ago.  IKEv2 has now seen
   wide deployment and provides a full replacement for all IKEv1
   functionality.  No new modifications or new algorithms have been
   accepted for IKEv1 for at least a decade.  IKEv2 addresses various
   issues present in IKEv1, such as IKEv1 being vulnerable to
   amplification attacks.  IKEv1 has been moved to Historic status, and
   this document requests IANA to close all IKEv1 registries.

   The algorithm implementation requirements and usage guidelines for
   IKEv2 [RFC8247] and ESP/AH [RFC8223] give guidance to implementors
   but limit that guidance to avoiding broken or weak algorithms.  They
   do not deprecate algorithms that have aged and are not in use, but
   leave these algorithms in a state of "MAY be used".  This document
   deprecates those algorithms that are no longer advised but for which
   there are no known attacks resulting in their earlier deprecation.

2.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

3.  RFC 2409 to Historic

   IKEv1 is deprecated.  Systems running IKEv1 should be upgraded and
   reconfigured to run IKEv2.  Systems that support IKEv1 but not IKEv2
   are most likely also unsuitable candidates for continued operation.
   Such unsupported systems have a much higher chance of containing an
   implementation vulnerability that will never be patched.  IKEv1
   systems can be abused for packet amplification attacks.  IKEv1
   systems most likely do not support modern algorithms such as AES-GCM
   or CHACHA20_POLY1305 and quite often only support or have been
   configured to use the very weak Diffie-Hellman Groups 2 and 5.  IKEv1
   systems should be upgraded or replaced by IKEv2 systems.

   IKEv1 and its way of using Preshared Keys (PSKs) protects against
   quantum computer based attacks.  IKEv2 updated its use of PSK to
   improve the error reporting, but at the expense of post-quantum
   security.  If post-quantum security is required, these systems should
   be migrated to use IKEv2 Postquantum Preshared Keys (PPK) [RFC8784].

   Some IKEv1 implementations support Labeled IPsec, a method to
   negotiate an additional Security Context selector to the SPD, but
   this method was never standardized in IKEv1.  Those IKEv1 systems
   that require Labeled IPsec should migrate to an IKEv2 system
   supporting Labeled IPsec as specified in
   [draft-ietf-ipsecme-labeled-ipsec].

4.  Deprecating obsolete algorithms

   This document deprecates the following algorithms:

   o  Encryption Algorithms: RC5, IDEA, CAST, Blowfish, and the
      unspecified 3IDEA, ENCR_DES_IV64 and ENCR_DES_IV32

   o  PRF Algorithms: the unspecified PRF_HMAC_TIGER

   o  Integrity Algorithms: HMAC-MD5-128

   o  Diffie-Hellman groups: none

5.  Security Considerations

   Deprecating IKEv1 in favor of IKEv2 has only security benefits.

   The deprecated algorithms have long been in disuse and are no longer
   actively deployed or researched.  They present an unknown security
   risk that is best avoided.  Additionally, not supporting these
   algorithms simplifies implementations and reduces the accidental use
   of these deprecated algorithms through misconfiguration or downgrade
   attacks.

6.  IANA Considerations

   This document instructs IANA to mark all IKEv1 registries as
   DEPRECATED.

   Additionally, this document instructs IANA to add an additional
   Status column to the IKEv2 Transform Type registries and mark the
   following entries as DEPRECATED:

   Transform Type 1 - Encryption Algorithm IDs

      Number     Name               Status
      ------     ---------------    ------
       1         ENCR_DES_IV64      DEPRECATED [this document]
       2         ENCR_DES           DEPRECATED [RFC8247]
       4         ENCR_RC5           DEPRECATED [this document]
       5         ENCR_IDEA          DEPRECATED [this document]
       6         ENCR_CAST          DEPRECATED [this document]
       7         ENCR_BLOWFISH      DEPRECATED [this document]
       8         ENCR_3IDEA         DEPRECATED [this document]
       9         ENCR_DES_IV32      DEPRECATED [this document]

                                 Figure 1

   Transform Type 2 - Pseudorandom Function Transform IDs

      Number     Name               Status
      ------     ------------       ----------
       1         PRF_HMAC_MD5       DEPRECATED [RFC8247]
       1         PRF_HMAC_TIGER     DEPRECATED [this document]

                                 Figure 2

   Transform Type 3 - Integrity Algorithm Transform IDs

      Number     Name                   Status
      ------     -----------------      ----------
       1         AUTH_HMAC_MD5_96       DEPRECATED [RFC8247]
       3         AUTH_DES_MAC           DEPRECATED [RFC8247]
       4         AUTH_KPDK_MD5          DEPRECATED [RFC8247]
       6         AUTH_HMAC_MD5_128      DEPRECATED [this document]
       7         AUTH_HMAC_SHA1_160     DEPRECATED [this document]

                                 Figure 3

   Transform Type 4 - Diffie Hellman Group Transform IDs

      Number     Name                            Status
      ------     ----------------------------    ----------
       1         768-bit MODP Group              DEPRECATED [RFC8247]
       22        1024-bit MODP Group with
                 160-bit Prime Order Subgroup    DEPRECATED [RFC8247]

                                 Figure 4

   All entries not mentioned here should receive no value in the new
   Status field.

   This document instructs IANA to close and mark as obsolete the
   Internet Key Exchange (IKE) Attributes registries as well as the
   "Magic Numbers" for ISAKMP Protocol registries.

   The IESG is requested to designate IKEv1 to Historic.

7.  References

7.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC2407]  Piper, D., "The Internet IP Security Domain of
              Interpretation for ISAKMP", RFC 2407,
              DOI 10.17487/RFC2407, November 1998.

   [RFC2408]  Maughan, D., Schertler, M., Schneider, M., and J. Turner,
              "Internet Security Association and Key Management Protocol
              (ISAKMP)", RFC 2408, DOI 10.17487/RFC2408, November 1998.

   [RFC2409]  Harkins, D. and D. Carrel, "The Internet Key Exchange
              (IKE)", RFC 2409, DOI 10.17487/RFC2409, November 1998.

   [RFC4306]  Kaufman, C., Ed., "Internet Key Exchange (IKEv2)
              Protocol", RFC 4306, DOI 10.17487/RFC4306, December 2005.

   [RFC7296]  Kaufman, C., Hoffman, P., Nir, Y., Eronen, P., and T.
              Kivinen, "Internet Key Exchange Protocol Version 2
              (IKEv2)", STD 79, RFC 7296, DOI 10.17487/RFC7296, October
              2014.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

   [RFC8223]  Esale, S., Torvi, R., Jalil, L., Chunduri, U., and K.
              Raza, "Application-Aware Targeted LDP", RFC 8223,
              DOI 10.17487/RFC8223, August 2017.

   [RFC8247]  Nir, Y., Kivinen, T., Wouters, P., and D. Migault,
              "Algorithm Implementation Requirements and Usage Guidance
              for the Internet Key Exchange Protocol Version 2 (IKEv2)",
              RFC 8247, DOI 10.17487/RFC8247, September 2017.

   [RFC8784]  Fluhrer, S., Kampanakis, P., McGrew, D., and V. Smyslov,
              "Mixing Preshared Keys in the Internet Key Exchange
              Protocol Version 2 (IKEv2) for Post-quantum Security",
              RFC 8784, DOI 10.17487/RFC8784, June 2020.

7.2.  Informative References

   [draft-ietf-ipsecme-labeled-ipsec]
              Wouters, P. and S. Prasad, "Labeled IPsec Traffic Selector
              support for IKEv2", draft-ietf-ipsecme-labeled-ipsec (work
              in progress), March 2019.

Author's Address

   Paul Wouters (editor)
   Red Hat

   Email: pwouters@redhat.com
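
Sections 3 and 6 above translate into a check that can be run on captured IKE messages to find peers still speaking IKEv1 or still offering deprecated transforms. The following is an added example, not part of the draft or of any IKE implementation: it reads the Version octet of the IKE header and, for IKEv2, walks the SA payload (layout per [RFC7296]) and reports every offered transform that Section 6 marks DEPRECATED. The names audit, DEPRECATED and SAMPLE are assumptions of this example, the sample message is constructed, and PRF_HMAC_TIGER is keyed by its IANA number 3 although Figure 2 prints 1.

```python
import struct

# Transform Type -> {Transform ID: name} for entries Section 6 marks DEPRECATED.
DEPRECATED = {
    1: {1: "ENCR_DES_IV64", 2: "ENCR_DES", 4: "ENCR_RC5", 5: "ENCR_IDEA",
        6: "ENCR_CAST", 7: "ENCR_BLOWFISH", 8: "ENCR_3IDEA", 9: "ENCR_DES_IV32"},
    2: {1: "PRF_HMAC_MD5", 3: "PRF_HMAC_TIGER"},  # IANA number 3; Figure 2 prints 1
    3: {1: "AUTH_HMAC_MD5_96", 3: "AUTH_DES_MAC", 4: "AUTH_KPDK_MD5",
        6: "AUTH_HMAC_MD5_128", 7: "AUTH_HMAC_SHA1_160"},
    4: {1: "768-bit MODP Group", 22: "1024-bit MODP Group, 160-bit subgroup"},
}
# Constructed sample: IKE_SA_INIT request whose single proposal offers
# ENCR_BLOWFISH, PRF_HMAC_SHA2_256, AUTH_HMAC_MD5_96 and DH group 14.
SAMPLE = bytes.fromhex(
    "0102030405060708" "0000000000000000" "2120220800000000" "00000048"
    "0000002c0000002801010004" "0300000801000007" "0300000802000005"
    "0300000803000001" "000000080400000e")

def _check(ok, what):
    if not ok:
        raise ValueError("malformed " + what)

def _transforms(msg, off, end):  # yield (type, id) for every offered transform
    while off + 8 <= end:
        _, _, plen, _, _, spi_size, count = struct.unpack_from("!BBHBBBB", msg, off)
        _check(plen >= 8 and off + plen <= end, "proposal")
        t = off + 8 + spi_size
        for _ in range(count):
            _check(t + 8 <= off + plen, "transform")
            _, _, tlen, ttype, _, tid = struct.unpack_from("!BBHBBH", msg, t)
            _check(tlen >= 8, "transform length")
            yield ttype, tid
            t += tlen
        off += plen

def audit(msg):  # msg: one IKE message as carried over UDP port 500
    _check(len(msg) >= 28, "IKE header")
    major = msg[17] >> 4  # high nibble of the Version octet
    if major != 2:
        return ["IKEv1 message" if major == 1 else "unknown major version"]
    offered, nxt, off = [], msg[16], 28
    end = min(struct.unpack_from("!I", msg, 24)[0], len(msg))
    while nxt and off + 4 <= end:
        cur = nxt
        nxt, _, plen = struct.unpack_from("!BBH", msg, off)
        _check(plen >= 4 and off + plen <= end, "payload")
        if cur == 33:  # Security Association payload
            offered += _transforms(msg, off + 4, off + plen)
        off += plen
    return [DEPRECATED[t][i] for t, i in offered if i in DEPRECATED.get(t, {})]
```

Only the cleartext IKE_SA_INIT exchange exposes the IKE SA proposal; transforms negotiated for Child SAs travel inside the Encrypted payload and are not visible to this check.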