Cryptographic Algorithm Implementation Requirements and Usage Guidance for Encapsulating Security Payload (ESP) and Authentication Header (AH)
draft-ietf-ipsecme-rfc7321bis-06
Revision differences
Document history
Date | Rev. | By | Action |
---|---|---|---|
2017-10-13
|
06 | (System) | RFC Editor state changed to AUTH48-DONE from AUTH48 |
2017-08-25
|
06 | (System) | RFC Editor state changed to AUTH48 from RFC-EDITOR |
2017-08-18
|
06 | (System) | RFC Editor state changed to RFC-EDITOR from EDIT |
2017-08-08
|
06 | (System) | IANA Action state changed to No IC from In Progress |
2017-07-18
|
06 | Tero Kivinen | Added to session: IETF-99: ipsecme Fri-1150 |
2017-07-17
|
06 | (System) | RFC Editor state changed to EDIT |
2017-07-17
|
06 | (System) | IESG state changed to RFC Ed Queue from Approved-announcement sent |
2017-07-17
|
06 | (System) | Announcement was received by RFC Editor |
2017-07-17
|
06 | (System) | IANA Action state changed to In Progress |
2017-07-17
|
06 | Amy Vezza | IESG state changed to Approved-announcement sent from Approved-announcement to be sent::External Party |
2017-07-17
|
06 | Amy Vezza | IESG has approved the document |
2017-07-17
|
06 | Amy Vezza | Closed "Approve" ballot |
2017-07-17
|
06 | Amy Vezza | Ballot approval text was generated |
2017-07-17
|
06 | Amy Vezza | Ballot writeup was changed |
2017-06-19
|
06 | (System) | IANA Review state changed to Version Changed - Review Needed from IANA OK - No Actions Needed |
2017-06-19
|
06 | Paul Wouters | New version available: draft-ietf-ipsecme-rfc7321bis-06.txt |
2017-06-19
|
06 | (System) | New version approved |
2017-06-19
|
06 | (System) | Request for posting confirmation emailed to previous authors: Paul Wouters , John Mattsson , Daniel Migault , Tero Kivinen , Yoav Nir |
2017-06-19
|
06 | Paul Wouters | Uploaded new revision |
2017-06-17
|
05 | Eric Rescorla | I see this is External Party but I'm not sure what it's waiting for. Secretariat? |
2017-04-13
|
05 | Fred Baker | Request for Telechat review by OPSDIR Completed: Has Issues. Reviewer: Fred Baker. |
2017-04-12
|
05 | Gunter Van de Velde | Request for Telechat review by OPSDIR is assigned to Fred Baker |
2017-04-12
|
05 | Gunter Van de Velde | Request for Telechat review by OPSDIR is assigned to Fred Baker |
2017-04-11
|
05 | Sheng Jiang | Assignment of request for Telechat review by OPSDIR to Sheng Jiang was rejected |
2017-03-29
|
05 | Amy Vezza | Shepherding AD changed to Eric Rescorla |
2017-03-29
|
05 | Tero Kivinen | Added to session: IETF-98: ipsecme Wed-1300 |
2017-03-16
|
05 | Jean Mahoney | Request for Telechat review by GENART Completed: Ready with Nits. Reviewer: Meral Shirazipour. |
2017-03-16
|
05 | Cindy Morgan | IESG state changed to Approved-announcement to be sent::External Party from Waiting for AD Go-Ahead |
2017-03-16
|
05 | Benoît Claise | [Ballot comment] As discussed based on the OPS DIR review: Hi Paul, To avoid any future questions, are your 3 justifications below mentioned in the … [Ballot comment] As discussed based on the OPS DIR review: Hi Paul, To avoid any future questions, are your 3 justifications below mentioned in the draft? Regards, Benoit > On 03/13/2017 07:17 AM, Sheng Jiang wrote: > > Hello Sheng, > > thanks for your review! > >> Comparing with RFC 7321, this document uses different names for algorithms. Although it looks consistent, it may reduce readability a little. The below items, I would like to double check for consistent. >> >> >> >> 3DES ?= TripleDES-CBC (old) >> >> DES ?= DES-CBC (old) >> >> AES_XCBC_96 ?= AES-XCBC-MAC-96 (old) > e actually changed all names to match the actual IANA IKEv2 entries at http://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xhtml > >> There are a few new algorithms mentioned, without any description or analysis. Additional explanation should be needed. >> >> >> DES_IV64 >> >> DES_IV32 >> >> 3IDEA > Those are old reserved entries that have no implementation and therefor actually have no RFC we can point to. Which is also why we made > it very clear these are MUST NOT. > >> I actually have more concerns regarding to the below algorithm that is mentioned in RFC7321, but not in this document. Does it create a new hole? >> >> >> AES-CTR [RFC3686] > It was mentioned in 7321 because it went from SHOULD to MAY. > > It is not mentioned in 7321bis because it is still at MAY, and we do not list any algorithms in MAY. > > I hope this clarifies your questions, > > Paul |
2017-03-16
|
05 | Benoît Claise | Ballot comment text updated for Benoit Claise |
2017-03-16
|
05 | Joel Jaeggli | [Ballot Position Update] New position, No Objection, has been recorded for Joel Jaeggli |
2017-03-15
|
05 | Ben Campbell | [Ballot comment] I'm balloting "Yes", but I have a few minor comments/questions: - Abtstract: "This document obsoletes RFC 7321 on the cryptographic recommendations only." I'm … [Ballot comment] I'm balloting "Yes", but I have a few minor comments/questions: - Abtstract: "This document obsoletes RFC 7321 on the cryptographic recommendations only." I'm not sure what that means. Does the reader of this still need to read 7321? If so, is "obsoletes" the correct relation? -3: I wonder why "... is not to be used..." is not "... MUST NOT be used...". But the section goes on to say if you do it anyway, you MUST NOT use certain cryptosuites. So, does "... is not to be used..." mean "SHOULD NOT"? Or is this one of those "MUST NOT BUT WE KNOW YOU WILL" sort of requirements? - Table in section 6: I'm boggled by the first entry being labeled "MUST/MUST NOT". I don't see anything in the text to explain the "MUST" part--did I miss something? |
2017-03-15
|
05 | Ben Campbell | [Ballot Position Update] New position, Yes, has been recorded for Ben Campbell |
2017-03-15
|
05 | Jari Arkko | [Ballot Position Update] New position, No Objection, has been recorded for Jari Arkko |
2017-03-15
|
05 | Tero Kivinen | Request for Telechat review by SECDIR Completed: Has Nits. Reviewer: Christian Huitema. |
2017-03-15
|
05 | Deborah Brungard | [Ballot Position Update] New position, No Objection, has been recorded for Deborah Brungard |
2017-03-15
|
05 | Alia Atlas | [Ballot Position Update] New position, No Objection, has been recorded for Alia Atlas |
2017-03-15
|
05 | Alexey Melnikov | [Ballot Position Update] New position, Yes, has been recorded for Alexey Melnikov |
2017-03-15
|
05 | Benoît Claise | [Ballot Position Update] New position, No Objection, has been recorded for Benoit Claise |
2017-03-15
|
05 | Alvaro Retana | [Ballot Position Update] New position, No Objection, has been recorded for Alvaro Retana |
2017-03-15
|
05 | Alissa Cooper | [Ballot comment] "Interoperability with IoT" doesn't parse when I read it -- maybe you mean "for IoT devices to interoperate" or something like that? |
2017-03-15
|
05 | Alissa Cooper | [Ballot Position Update] New position, No Objection, has been recorded for Alissa Cooper |
2017-03-15
|
05 | (System) | IESG state changed to Waiting for AD Go-Ahead from In Last Call |
2017-03-14
|
05 | Suresh Krishnan | [Ballot Position Update] New position, No Objection, has been recorded for Suresh Krishnan |
2017-03-14
|
05 | Stephen Farrell | [Ballot comment] - I agree with Christian's secdir review [1] that this doesn't seem justified (at least on it's face): " If manual keying is … [Ballot comment] - I agree with Christian's secdir review [1] that this doesn't seem justified (at least on it's face): " If manual keying is used anyway, ENCR_AES_CBC MUST be used, and ENCR_AES_CCM, ENCR_AES_GCM and ENCR_CHACHA20_POLY1305 MUST NOT be used as these algorithms require IKE. " Can you explain the reasoning that lead the WG to say that? - ENCR_NULL IMO ought be MUST NOT - did the WG discuss that explicitly? If so, can you provide a pointer to the archive? If not, does it still have to be a MUST? I do wonder who wants to use AH via NAT but cannot, which seems to be the justification. [1] https://www.ietf.org/mail-archive/web/secdir/current/msg07262.html |
2017-03-14
|
05 | Stephen Farrell | Ballot comment text updated for Stephen Farrell |
2017-03-14
|
05 | Stephen Farrell | [Ballot Position Update] New position, Yes, has been recorded for Stephen Farrell |
2017-03-14
|
05 | Mirja Kühlewind | [Ballot Position Update] New position, No Objection, has been recorded for Mirja Kühlewind |
2017-03-13
|
05 | Kathleen Moriarty | Ballot has been issued |
2017-03-13
|
05 | Kathleen Moriarty | [Ballot Position Update] New position, Yes, has been recorded for Kathleen Moriarty |
2017-03-13
|
05 | Kathleen Moriarty | Created "Approve" ballot |
2017-03-13
|
05 | Kathleen Moriarty | Ballot writeup was changed |
2017-03-10
|
05 | (System) | IANA Review state changed to IANA OK - No Actions Needed from IANA - Review Needed |
2017-03-10
|
05 | Sabrina Tanamal | (Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs: The IANA Services Operator has reviewed draft-ietf-ipsecme-rfc7321bis-05.txt, which is currently in Last Call, and has the following comments: We … (Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs: The IANA Services Operator has reviewed draft-ietf-ipsecme-rfc7321bis-05.txt, which is currently in Last Call, and has the following comments: We understand that this document doesn't require any registry actions. While it's often helpful for a document's IANA Considerations section to remain in place upon publication even if there are no actions, if the authors strongly prefer to remove it, we do not object. If this assessment is not accurate, please respond as soon as possible. Thank you, Sabrina Tanamal IANA Services Specialist PTI |
2017-03-02
|
05 | Jean Mahoney | Request for Telechat review by GENART is assigned to Meral Shirazipour |
2017-03-02
|
05 | Jean Mahoney | Request for Telechat review by GENART is assigned to Meral Shirazipour |
2017-03-01
|
05 | Amy Vezza | IANA Review state changed to IANA - Review Needed |
2017-03-01
|
05 | Amy Vezza | The following Last Call announcement was sent out: From: The IESG To: IETF-Announce CC: draft-ietf-ipsecme-rfc7321bis@ietf.org, David Waltermire , ipsecme-chairs@ietf.org, ipsec@ietf.org, Kathleen.Moriarty.ietf@gmail.com, … The following Last Call announcement was sent out: From: The IESG To: IETF-Announce CC: draft-ietf-ipsecme-rfc7321bis@ietf.org, David Waltermire , ipsecme-chairs@ietf.org, ipsec@ietf.org, Kathleen.Moriarty.ietf@gmail.com, david.waltermire@nist.gov Reply-To: ietf@ietf.org Sender: Subject: Last Call: (Cryptographic Algorithm Implementation Requirements and Usage Guidance for Encapsulating Security Payload (ESP) and Authentication Header (AH)) to Proposed Standard The IESG has received a request from the IP Security Maintenance and Extensions WG (ipsecme) to consider the following document: - 'Cryptographic Algorithm Implementation Requirements and Usage Guidance for Encapsulating Security Payload (ESP) and Authentication Header (AH)' as Proposed Standard The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2017-03-15. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract This document updates the Cryptographic Algorithm Implementation Requirements for ESP and AH. The goal of these document is to enable ESP and AH to benefit from cryptography that is up to date while making IPsec interoperable. This document obsoletes RFC 7321 on the cryptographic recommendations only. The file can be obtained via https://datatracker.ietf.org/doc/draft-ietf-ipsecme-rfc7321bis/ IESG discussion can be tracked via https://datatracker.ietf.org/doc/draft-ietf-ipsecme-rfc7321bis/ballot/ No IPR declarations have been submitted directly on this I-D. |
2017-03-01
|
05 | Amy Vezza | IESG state changed to In Last Call from Last Call Requested |
2017-03-01
|
05 | Amy Vezza | Last call announcement was changed |
2017-02-28
|
05 | Kathleen Moriarty | Last call was requested |
2017-02-28
|
05 | Kathleen Moriarty | Ballot approval text was generated |
2017-02-28
|
05 | Kathleen Moriarty | Ballot writeup was generated |
2017-02-28
|
05 | Kathleen Moriarty | IESG state changed to Last Call Requested from AD Evaluation |
2017-02-28
|
05 | Kathleen Moriarty | Last call announcement was generated |
2017-02-27
|
05 | Paul Wouters | New version available: draft-ietf-ipsecme-rfc7321bis-05.txt |
2017-02-27
|
05 | (System) | New version approved |
2017-02-27
|
05 | (System) | Request for posting confirmation emailed to previous authors: Yoav Nir , ipsecme-chairs@ietf.org, John Mattsson , Daniel Migault , Tero Kivinen , Paul Wouters |
2017-02-27
|
05 | Paul Wouters | Uploaded new revision |
2017-02-23
|
04 | Tero Kivinen | Request for Telechat review by SECDIR is assigned to Christian Huitema |
2017-02-23
|
04 | Tero Kivinen | Request for Telechat review by SECDIR is assigned to Christian Huitema |
2017-02-20
|
04 | Gunter Van de Velde | Request for Telechat review by OPSDIR is assigned to Sheng Jiang |
2017-02-20
|
04 | Gunter Van de Velde | Request for Telechat review by OPSDIR is assigned to Sheng Jiang |
2017-02-17
|
04 | Kathleen Moriarty | IESG state changed to AD Evaluation from Publication Requested |
2017-02-16
|
04 | Kathleen Moriarty | Placed on agenda for telechat - 2017-03-16 |
2017-02-15
|
04 | David Waltermire | Tag Revised I-D Needed - Issue raised by WGLC cleared. |
2017-02-15
|
04 | David Waltermire | The following is an Essay Style Document Writeup: 1. Summary The document shepherd is David Waltermire, and responsible area director is Kathleen Moriarty. This document … The following is an Essay Style Document Writeup: 1. Summary The document shepherd is David Waltermire, and responsible area director is Kathleen Moriarty. This document is intended to obsolete the RFC7321 (Proposed Standard) and define a current mandatory to implement algorithms requirements and usage for IPsec traffic. There is another document draft-ietf-ipsecme-rfc4307bis which does the same changes to the IKEv2, and both of the documents are mostly aligned to be same, except where there are different requirements for algorithms in IKEv2 vs ESP. It is requested that this draft and draft-ietf-ipsecme-rfc4307bis be grouped for completing the publication process. 2. Review and Consensus The draft had no controversy. The draft has been discussed frequently on the mailing list and a lot of comments have been provided on list by people other than the authors. In addition to mailing list discussions, the draft has been presented and discussed during IETF meetings at Berlin (IETF96) and briefly at Seoul (IETF97). Most of the decisions on the algorithm levels were done already when discussing the companion document rfc4307bis. 3. Intellectual Property The authors are not aware of any IPRs related to this document or the earlier versions of this document: RFC 7321, RFC 4835, or RFC 4305. 4. Other Points IDnits complain about the IoT and UNSPECIFIED references, but they are not really references in real sense, but comments marked in []. It also complains that there is an unused reference to RFC4309 which is only referenced in the figure, so id nits fails to see the reference. There are also two references to the obsolete documents RFC2393 and RFC4835. Both of these are intentional. The RFC2393 refers to the LZS compression and this is copy of the text from the IKEv2 IANA registry. The RFC4835 reference is for the previous version of this document and the text refers to the terminology started there. |
2017-02-15
|
04 | David Waltermire | Responsible AD changed to Kathleen Moriarty |
2017-02-15
|
04 | David Waltermire | IETF WG state changed to Submitted to IESG for Publication from In WG Last Call |
2017-02-15
|
04 | David Waltermire | IESG state changed to Publication Requested |
2017-02-15
|
04 | David Waltermire | IESG process started in state Publication Requested |
2017-02-15
|
04 | David Waltermire | Changed consensus to Yes from Unknown |
2017-02-15
|
04 | David Waltermire | Intended Status changed to Proposed Standard from None |
2017-02-15
|
04 | Paul Wouters | New version available: draft-ietf-ipsecme-rfc7321bis-04.txt |
2017-02-15
|
04 | (System) | New version approved |
2017-02-15
|
04 | (System) | Request for posting confirmation emailed to previous authors: ipsecme-chairs@ietf.org, "John Mattsson" , "Paul Wouters" , "Yoav Nir" , "Tero Kivinen" , "Daniel Migault" |
2017-02-15
|
04 | Paul Wouters | Uploaded new revision |
2017-02-15
|
03 | David Waltermire | Changed document writeup |
2017-02-02
|
03 | Paul Wouters | New version available: draft-ietf-ipsecme-rfc7321bis-03.txt |
2017-02-02
|
03 | (System) | New version approved |
2017-02-02
|
03 | (System) | Request for posting confirmation emailed to previous authors: ipsecme-chairs@ietf.org, "John Mattsson" , "Paul Wouters" , "Yoav Nir" , "Tero Kivinen" , "Daniel Migault" |
2017-02-02
|
03 | Paul Wouters | Uploaded new revision |
2017-01-30
|
02 | Paul Wouters | New version available: draft-ietf-ipsecme-rfc7321bis-02.txt |
2017-01-30
|
02 | (System) | New version approved |
2017-01-30
|
02 | (System) | Request for posting confirmation emailed to previous authors: ipsecme-chairs@ietf.org, "John Mattsson" , "Paul Wouters" , "Yoav Nir" , "Tero Kivinen" , "Daniel Migault" |
2017-01-30
|
02 | Paul Wouters | Uploaded new revision |
2017-01-30
|
01 | David Waltermire | Tag Revised I-D Needed - Issue raised by WGLC set. |
2017-01-30
|
01 | David Waltermire | IETF WG state changed to In WG Last Call from WG Document |
2017-01-08
|
01 | Paul Wouters | New version available: draft-ietf-ipsecme-rfc7321bis-01.txt |
2017-01-08
|
01 | (System) | New version approved |
2017-01-08
|
01 | (System) | Request for posting confirmation emailed to previous authors: ipsecme-chairs@ietf.org, "John Mattsson" , "Paul Wouters" , "Yoav Nir" , "Tero Kivinen" , "Daniel Migault" |
2017-01-08
|
01 | Paul Wouters | Uploaded new revision |
2016-10-28
|
00 | David Waltermire | Notification list changed to "David Waltermire" <david.waltermire@nist.gov> |
2016-10-28
|
00 | David Waltermire | Document shepherd changed to David Waltermire |
2016-10-27
|
00 | David Waltermire | This document now replaces draft-mglt-ipsecme-rfc7321bis instead of None |
2016-10-27
|
00 | Paul Wouters | New version available: draft-ietf-ipsecme-rfc7321bis-00.txt |
2016-10-27
|
00 | (System) | WG -00 approved |
2016-10-06
|
00 | Paul Wouters | Set submitter to "Paul Wouters ", replaces to draft-mglt-ipsecme-rfc7321bis and sent approval email to group chairs: ipsecme-chairs@ietf.org |
2016-10-06
|
00 | Paul Wouters | Uploaded new revision |