Cryptographic Algorithm Implementation Requirements and Usage Guidance for Encapsulating Security Payload (ESP) and Authentication Header (AH)
draft-ietf-ipsecme-esp-ah-reqts-10
Revision differences
Document history
Date | Rev. | By | Action |
---|---|---|---|
2014-08-20
|
10 | (System) | RFC Editor state changed to AUTH48-DONE from AUTH48 |
2014-07-10
|
10 | (System) | RFC Editor state changed to AUTH48 from RFC-EDITOR |
2014-06-16
|
10 | (System) | RFC Editor state changed to RFC-EDITOR from EDIT |
2014-05-22
|
10 | Tero Kivinen | Closed request for Last Call review by SECDIR with state 'No Response' |
2014-05-20
|
10 | Amy Vezza | IESG state changed to RFC Ed Queue from Approved-announcement sent |
2014-05-20
|
10 | (System) | RFC Editor state changed to EDIT |
2014-05-20
|
10 | (System) | Announcement was received by RFC Editor |
2014-05-19
|
10 | (System) | IANA Action state changed to No IC from In Progress |
2014-05-19
|
10 | (System) | IANA Action state changed to In Progress |
2014-05-19
|
10 | Amy Vezza | IESG state changed to Approved-announcement sent from Approved-announcement to be sent |
2014-05-19
|
10 | Amy Vezza | IESG has approved the document |
2014-05-19
|
10 | Amy Vezza | Closed "Approve" ballot |
2014-05-19
|
10 | Amy Vezza | Ballot approval text was generated |
2014-05-18
|
10 | Gunter Van de Velde | Closed request for Last Call review by OPSDIR with state 'No Response' |
2014-05-16
|
10 | Kathleen Moriarty | All comments have been addressed, this is ready for the next steps. |
2014-05-16
|
10 | Kathleen Moriarty | Tag AD Followup cleared. |
2014-05-16
|
10 | Paul Hoffman | New version available: draft-ietf-ipsecme-esp-ah-reqts-10.txt |
2014-05-16
|
09 | (System) | Sub state has been changed to AD Followup from Revised ID Needed |
2014-05-16
|
09 | Paul Hoffman | New version available: draft-ietf-ipsecme-esp-ah-reqts-09.txt |
2014-05-15
|
08 | Cindy Morgan | IESG state changed to Approved-announcement to be sent::Revised I-D Needed from IESG Evaluation |
2014-05-15
|
08 | Paul Hoffman | IANA Review state changed to Version Changed - Review Needed from IANA OK - No Actions Needed |
2014-05-15
|
08 | Paul Hoffman | New version available: draft-ietf-ipsecme-esp-ah-reqts-08.txt |
2014-05-15
|
07 | Joel Jaeggli | [Ballot Position Update] New position, No Objection, has been recorded for Joel Jaeggli |
2014-05-15
|
07 | Jari Arkko | [Ballot Position Update] New position, No Objection, has been recorded for Jari Arkko |
2014-05-15
|
07 | Stephen Farrell | [Ballot Position Update] Position for Stephen Farrell has been changed to No Objection from Discuss |
2014-05-15
|
07 | Richard Barnes | [Ballot comment] To Stephen's point and Pete's: I suggested "REALLY SHOULD NOT" [RFC6919] |
2014-05-15
|
07 | Richard Barnes | [Ballot Position Update] New position, Yes, has been recorded for Richard Barnes |
2014-05-14
|
07 | Pete Resnick | [Ballot comment] I am glad Barry and Adrian have already commented. I roll my eyes, wonder why this document did not reference RFC 6919, … [Ballot comment] I am glad Barry and Adrian have already commented. I roll my eyes, wonder why this document did not reference RFC 6919, and move on with my day. |
2014-05-14
|
07 | Pete Resnick | [Ballot Position Update] New position, No Objection, has been recorded for Pete Resnick |
2014-05-14
|
07 | Spencer Dawkins | [Ballot Position Update] New position, No Objection, has been recorded for Spencer Dawkins |
2014-05-14
|
07 | Martin Stiemerling | [Ballot Position Update] New position, No Objection, has been recorded for Martin Stiemerling |
2014-05-13
|
07 | Stephen Farrell | [Ballot discuss] Just checking... Did the WG discuss keeping NULL encryption as a MUST? If so, that's fine, and I'd appreciate a pointer to the … [Ballot discuss] Just checking... Did the WG discuss keeping NULL encryption as a MUST? If so, that's fine, and I'd appreciate a pointer to the archive (had a quick look, didn't see it). If not, wouldn't that discussion be a good idea, given recent events? Or, if its so obvious amongst the IPsec community why NULL encryption is still needed, I will be in your debt for the education;-) |
2014-05-13
|
07 | Stephen Farrell | [Ballot Position Update] New position, Discuss, has been recorded for Stephen Farrell |
2014-05-13
|
07 | Ted Lemon | [Ballot Position Update] New position, Yes, has been recorded for Ted Lemon |
2014-05-13
|
07 | Benoît Claise | [Ballot Position Update] New position, No Objection, has been recorded for Benoit Claise |
2014-05-13
|
07 | Adrian Farrel | [Ballot comment] Barry caught one of my concerns... I agree that "SHOULD-implement" is open to confusion. --- Please consider renaming 2.5. Summary of Changes to … [Ballot comment] Barry caught one of my concerns... I agree that "SHOULD-implement" is open to confusion. --- Please consider renaming 2.5. Summary of Changes to 2.5. Summary of Changes from RFC 4835 Also please consider adding an introductory line of text in that section to clarify what it is talking about. --- It would appear that the editor note in Section 6 is no longer needed. At least, I removed it and idnits was quite happy. |
2014-05-13
|
07 | Adrian Farrel | [Ballot Position Update] New position, No Objection, has been recorded for Adrian Farrel |
2014-05-12
|
07 | Alissa Cooper | [Ballot Position Update] New position, No Objection, has been recorded for Alissa Cooper |
2014-05-12
|
07 | Brian Haberman | [Ballot Position Update] New position, No Objection, has been recorded for Brian Haberman |
2014-05-09
|
07 | Barry Leiba | [Ballot comment] -- Section 3 -- Both confidentiality and authentication SHOULD be provided. If confidentiality is not needed, then authentication MAY be provided. … [Ballot comment] -- Section 3 -- Both confidentiality and authentication SHOULD be provided. If confidentiality is not needed, then authentication MAY be provided. Confidentiality without authentication is not effective [DP07] and SHOULD NOT be used. We describe each of these cases in more detail below. This says that if you confidentiality is not needed, authentication is *entirely* optional, and there is *no* recommendation being made about the use of authentication alone. Discussion with Paul indicates that that isn't what's meant, but that (1) the WG wasn't able to agree on better text, and (2) tweaking that sentence isn't going to affect implementations anyway. I think the failure here is in trying to stuff 2119 language in. Because the next paragraph goes into more details and uses the 2119 key words (and I think it gets it right), a good option might be to lose the 2119 key words in this short paragraph, and just have this be a lead-in to the next one. This one explains what you're getting at, and the next one puts in the details with the 2119 language. Some totally editorial stuff... no response needed either way: -- Section 4 -- Because you use "SHOULD-", it strikes me that "SHOULD-implement" might be misunderstood to refer only to "SHOULD-" algorithms. I suggest changing it this way: OLD The algorithms listed as MAY-implement are not meant to be endorsed over other non-standard alternatives. All of the algorithms that appeared in [RFC4835] are included in this document, for the sake of continuity. In some cases, these algorithms have moved from being SHOULD-implement to MAY-implement algorithms. NEW The algorithms listed as "MAY implement" are not meant to be endorsed over other non-standard alternatives. All of the algorithms that appeared in [RFC4835] are included in this document, for the sake of continuity. In some cases, these algorithms have moved from being "SHOULD implement" to "MAY implement" algorithms. END -- Section 6 -- I wouldn't normally pick on anything in the "Acks" section, but there's this: Much of the wording herein was adapted from [RFC4835], the parent document of this document. Actually, only the Security Considerations and one paragraph from the Introduction survive from 4835, and I'd hardly call the rest "adapted". If you want to leave it as it is, that's fine and this is the last you'll hear from me about it. But it might make sense to reword that to acknowledge the role of 4835 relative to this document somewhat more accurately. |
2014-05-09
|
07 | Barry Leiba | [Ballot Position Update] Position for Barry Leiba has been changed to No Objection from Discuss |
2014-05-08
|
07 | Barry Leiba | [Ballot discuss] -- Section 3 -- This all might be exactly right, but it stands out enough to me that I want to ask the … [Ballot discuss] -- Section 3 -- This all might be exactly right, but it stands out enough to me that I want to ask the question and have the discussion, in order to make sure. "Both confidentiality and authentication SHOULD be provided. If confidentiality is not needed, then authentication MAY be provided." This says that if you confidentiality is not needed, authentication is *entirely* optional, and there is *no* recommendation being made about the use of authentication alone. Is that really what you mean? If I don't need confidentiality, it's perfectly OK for me to skip authentication in all cases, and you don't care? |
2014-05-08
|
07 | Barry Leiba | [Ballot comment] Some totally editorial stuff... no response needed either way: -- Section 4 -- Because you use "SHOULD-", it strikes me that "SHOULD-implement" might … [Ballot comment] Some totally editorial stuff... no response needed either way: -- Section 4 -- Because you use "SHOULD-", it strikes me that "SHOULD-implement" might be misunderstood to refer only to "SHOULD-" algorithms. I suggest changing it this way: OLD The algorithms listed as MAY-implement are not meant to be endorsed over other non-standard alternatives. All of the algorithms that appeared in [RFC4835] are included in this document, for the sake of continuity. In some cases, these algorithms have moved from being SHOULD-implement to MAY-implement algorithms. NEW The algorithms listed as "MAY implement" are not meant to be endorsed over other non-standard alternatives. All of the algorithms that appeared in [RFC4835] are included in this document, for the sake of continuity. In some cases, these algorithms have moved from being "SHOULD implement" to "MAY implement" algorithms. END -- Section 6 -- I wouldn't normally pick on anything in the "Acks" section, but there's this: Much of the wording herein was adapted from [RFC4835], the parent document of this document. Actually, only the Security Considerations and one paragraph from the Introduction survive from 4835, and I'd hardly call the rest "adapted". If you want to leave it as it is, that's fine and this is the last you'll hear from me about it. But it might make sense to reword that to acknowledge the role of 4835 relative to this document somewhat more accurately. |
2014-05-08
|
07 | Barry Leiba | [Ballot Position Update] New position, Discuss, has been recorded for Barry Leiba |
2014-05-07
|
07 | Kathleen Moriarty | Ballot has been issued |
2014-05-07
|
07 | Kathleen Moriarty | [Ballot Position Update] New position, Yes, has been recorded for Kathleen Moriarty |
2014-05-07
|
07 | Kathleen Moriarty | Created "Approve" ballot |
2014-05-07
|
07 | Kathleen Moriarty | Placed on agenda for telechat - 2014-05-15 |
2014-05-07
|
07 | Kathleen Moriarty | IESG state changed to IESG Evaluation from Waiting for AD Go-Ahead |
2014-05-06
|
07 | Francis Dupont | Request for Last Call review by GENART Completed: Ready. Reviewer: Francis Dupont. |
2014-05-02
|
07 | (System) | IESG state changed to Waiting for AD Go-Ahead from In Last Call |
2014-04-28
|
07 | (System) | IANA Review state changed to IANA OK - No Actions Needed from IANA - Review Needed |
2014-04-28
|
07 | Amanda Baber | IESG/Authors/WG Chairs: IANA has reviewed draft-ietf-ipsecme-esp-ah-reqts-07, which is currently in Last Call, and has the following comments: We understand that this document doesn't require … IESG/Authors/WG Chairs: IANA has reviewed draft-ietf-ipsecme-esp-ah-reqts-07, which is currently in Last Call, and has the following comments: We understand that this document doesn't require any IANA actions. While it is helpful for the IANA Considerations section of the document to remain in place upon publication, if the authors prefer to remove it, IANA doesn't object. If this assessment is not accurate, please respond as soon as possible. |
2014-04-24
|
07 | Jean Mahoney | Request for Last Call review by GENART is assigned to Francis Dupont |
2014-04-24
|
07 | Jean Mahoney | Request for Last Call review by GENART is assigned to Francis Dupont |
2014-04-24
|
07 | Gunter Van de Velde | Request for Last Call review by OPSDIR is assigned to Bill Manning |
2014-04-24
|
07 | Gunter Van de Velde | Request for Last Call review by OPSDIR is assigned to Bill Manning |
2014-04-24
|
07 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Sandra Murphy |
2014-04-24
|
07 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Sandra Murphy |
2014-04-18
|
07 | Kathleen Moriarty | Ballot writeup was changed |
2014-04-18
|
07 | Cindy Morgan | IANA Review state changed to IANA - Review Needed |
2014-04-18
|
07 | Cindy Morgan | The following Last Call announcement was sent out: From: The IESG To: IETF-Announce CC: Reply-To: ietf@ietf.org Sender: Subject: Last Call: (Cryptographic Algorithm Implementation Requirements and … The following Last Call announcement was sent out: From: The IESG To: IETF-Announce CC: Reply-To: ietf@ietf.org Sender: Subject: Last Call: (Cryptographic Algorithm Implementation Requirements and Usage Guidance for Encapsulating Security Payload (ESP) and Authentication Header (AH)) to Proposed Standard The IESG has received a request from the IP Security Maintenance and Extensions WG (ipsecme) to consider the following document: - 'Cryptographic Algorithm Implementation Requirements and Usage Guidance for Encapsulating Security Payload (ESP) and Authentication Header (AH)' as Proposed Standard The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2014-05-02. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract This Internet Draft is a standards track proposal to update the Cryptographic Algorithm Implementation Requirements for ESP and AH; it also adds usage guidance to help in the selection of these algorithms. The Encapsulating Security Payload (ESP) and Authentication Header (AH) protocols make use of various cryptographic algorithms to provide confidentiality and/or data origin authentication to protected data communications in the IP Security (IPsec) architecture. To ensure interoperability between disparate implementations, the IPsec standard specifies a set of mandatory-to- implement algorithms. This document specifies the current set of mandatory-to-implement algorithms for ESP and AH, specifies algorithms that should be implemented because they may be promoted to mandatory at some future time, and also recommends against the implementation of some obsolete algorithms. Usage guidance is also provided to help the user of ESP and AH best achieve their security goals through appropriate choices of cryptographic algorithms. This document obsoletes RFC 4835. The file can be obtained via http://datatracker.ietf.org/doc/draft-ietf-ipsecme-esp-ah-reqts/ IESG discussion can be tracked via http://datatracker.ietf.org/doc/draft-ietf-ipsecme-esp-ah-reqts/ballot/ No IPR declarations have been submitted directly on this I-D. |
2014-04-18
|
07 | Cindy Morgan | IESG state changed to In Last Call from Last Call Requested |
2014-04-18
|
07 | Cindy Morgan | Last call announcement was generated |
2014-04-18
|
07 | Paul Hoffman | New version available: draft-ietf-ipsecme-esp-ah-reqts-07.txt |
2014-04-18
|
06 | Kathleen Moriarty | Last call was requested |
2014-04-18
|
06 | Kathleen Moriarty | Ballot approval text was generated |
2014-04-18
|
06 | Kathleen Moriarty | Ballot writeup was generated |
2014-04-18
|
06 | Kathleen Moriarty | IESG state changed to Last Call Requested from AD Evaluation |
2014-04-18
|
06 | Kathleen Moriarty | IESG state changed to AD Evaluation from Publication Requested |
2014-04-18
|
06 | Paul Hoffman | New version available: draft-ietf-ipsecme-esp-ah-reqts-06.txt |
2014-04-16
|
05 | Kathleen Moriarty | Last call announcement was generated |
2014-04-12
|
05 | Yaron Sheffer | 1. Summary Yaron Sheffer (IPsecME WG co-chair) is the document shepherd and Kathleen Moriarty is the responsible AD. This document replaces RFC 4835 in specifying … 1. Summary Yaron Sheffer (IPsecME WG co-chair) is the document shepherd and Kathleen Moriarty is the responsible AD. This document replaces RFC 4835 in specifying requirement levels for various cryptographic algorithms in the ESP and AH protocols. In the 7 years since that older RFC was published, the security of some algorithms diminished, while other, more secure algorithms were published and widely implemented. This information is essential for interoperable implementation of the protocols, and so the document is intended to be a Proposed Standard. 2. Review and Consensus There was lively WG discussion around the specific algorithms and requirement levels, but no major objections. There was wide consensus that the document should be published. 3. Intellectual Property The authors have stated that their direct, personal knowledge of any IPR related to this document has already been disclosed, in conformance with BCPs 78 and 79. 4. Other Points There are no normative downrefs. Neither are there any IANA considerations. |
2014-04-12
|
05 | Yaron Sheffer | State Change Notice email list changed to ipsecme-chairs@tools.ietf.org, draft-ietf-ipsecme-esp-ah-reqts@tools.ietf.org |
2014-04-12
|
05 | Yaron Sheffer | Responsible AD changed to Kathleen Moriarty |
2014-04-12
|
05 | Yaron Sheffer | IETF WG state changed to Submitted to IESG for Publication from WG Consensus: Waiting for Write-Up |
2014-04-12
|
05 | Yaron Sheffer | IESG state changed to Publication Requested |
2014-04-12
|
05 | Yaron Sheffer | IESG process started in state Publication Requested |
2014-04-12
|
05 | Yaron Sheffer | Changed document writeup |
2014-04-11
|
05 | Paul Hoffman | New version available: draft-ietf-ipsecme-esp-ah-reqts-05.txt |
2014-04-05
|
04 | Yaron Sheffer | Changed consensus to Yes from Unknown |
2014-04-05
|
04 | Yaron Sheffer | Document shepherd changed to Yaron Sheffer |
2014-04-05
|
04 | Yaron Sheffer | IETF WG state changed to WG Consensus: Waiting for Write-Up from In WG Last Call |
2014-04-03
|
04 | Paul Hoffman | New version available: draft-ietf-ipsecme-esp-ah-reqts-04.txt |
2014-03-31
|
03 | Paul Hoffman | New version available: draft-ietf-ipsecme-esp-ah-reqts-03.txt |
2014-03-03
|
02 | Paul Hoffman | New version available: draft-ietf-ipsecme-esp-ah-reqts-02.txt |
2014-02-26
|
01 | Yaron Sheffer | IETF WG state changed to In WG Last Call from WG Document |
2014-02-26
|
01 | Yaron Sheffer | Intended Status changed to Proposed Standard from None |
2013-09-06
|
01 | Paul Hoffman | New version available: draft-ietf-ipsecme-esp-ah-reqts-01.txt |
2013-03-12
|
00 | David McGrew | New version available: draft-ietf-ipsecme-esp-ah-reqts-00.txt |