Deprecation of the Internet Key Exchange Version 1 (IKEv1) Protocol and Obsoleted Algorithms
draft-ietf-ipsecme-ikev1-algo-to-historic-09

Document history

Date Rev. By Action
2023-04-21
09 (System) RFC Editor state changed to AUTH48-DONE from AUTH48
2023-04-20
09 (System) RFC Editor state changed to AUTH48
2023-03-28
09 Yoav Nir Added to session: IETF-116: ipsecme  Wed-0630
2023-02-27
09 (System) RFC Editor state changed to RFC-EDITOR from EDIT
2023-01-04
09 (System) IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor
2023-01-04
09 (System) RFC Editor state changed to EDIT
2023-01-04
09 (System) IESG state changed to RFC Ed Queue from Approved-announcement sent
2023-01-04
09 (System) Announcement was received by RFC Editor
2023-01-04
09 (System) IANA Action state changed to Waiting on RFC Editor from In Progress
2023-01-04
09 (System) IANA Action state changed to In Progress from Waiting on Authors
2023-01-04
09 (System) IANA Action state changed to Waiting on Authors from In Progress
2023-01-04
09 (System) IANA Action state changed to In Progress from Waiting on Authors
2023-01-03
09 (System) IANA Action state changed to Waiting on Authors from In Progress
2023-01-03
09 (System) IANA Action state changed to In Progress
2023-01-03
09 Amy Vezza IESG state changed to Approved-announcement sent from Approved-announcement to be sent
2023-01-03
09 Amy Vezza IESG has approved the document
2023-01-03
09 Amy Vezza Closed "Approve" ballot
2022-12-29
09 Amy Vezza Ballot approval text was generated
2022-12-27
09 Roman Danyliw IESG state changed to Approved-announcement to be sent from Approved-announcement to be sent::AD Followup
2022-12-19
09 (System) Removed all action holders (IESG state changed)
2022-12-19
09 (System) Sub state has been changed to AD Followup from Revised ID Needed
2022-12-19
09 Paul Wouters New version available: draft-ietf-ipsecme-ikev1-algo-to-historic-09.txt
2022-12-19
09 Paul Wouters New version accepted (logged-in submitter: Paul Wouters)
2022-12-19
09 Paul Wouters Uploaded new revision
2022-12-15
08 (System) Changed action holders to Paul Wouters (IESG state changed)
2022-12-15
08 Cindy Morgan IESG state changed to Approved-announcement to be sent::Revised I-D Needed from IESG Evaluation
2022-12-15
08 Warren Kumari [Ballot comment]
After discussions on the telechat, I'm clearing my discuss.
2022-12-15
08 Warren Kumari [Ballot Position Update] Position for Warren Kumari has been changed to No Objection from Discuss
2022-12-15
08 Alvaro Retana [Ballot Position Update] New position, No Objection, has been recorded for Alvaro Retana
2022-12-14
08 Murray Kucherawy
[Ballot comment]
The document shepherd writeup says:

--
15. Should any informative references be normative or vice-versa?

Yes.
--

I'm assuming the shepherd just ran over the question too quickly.  But, if you really meant "Yes" here, what's the plan to fix it?

Section 7 says: "All entries not mentioned here should receive no value in the new Status field."  Why not have a status of "current" or something definite?
2022-12-14
08 Murray Kucherawy [Ballot Position Update] New position, No Objection, has been recorded for Murray Kucherawy
2022-12-14
08 Zaheduzzaman Sarker [Ballot Position Update] New position, No Objection, has been recorded for Zaheduzzaman Sarker
2022-12-13
08 Francesca Palombini
[Ballot comment]
Thank you for the work on this document.

I would suggest requesting IANA to add a pointer to this specification in their current Notes (they currently have Notes pointing to 8221 and 8247). I would also suggest to expand on the meaning of the "Status" column and its allowed values, including said values meaning - I guess this is related to Warren's DISCUSS. It might seem unnecessary and self-explanatory to the authors, but it can't hurt to be exceedingly clear.
2022-12-13
08 Francesca Palombini [Ballot Position Update] New position, No Objection, has been recorded for Francesca Palombini
2022-12-13
08 Warren Kumari
[Ballot discuss]
Be ye not afraid -- see https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ on handling ballots, especially DISCUSS ballots...

Can the IETF actually deprecate / make a protocol historic? (as stated in "Internet Key Exchange version 1 (IKEv1) has been deprecated" and "IKEv1 has been moved to Historic status.")

I agree that **making the documents that describe these** be historic is the right thing to do, and also that the IETF can strongly recommend that people don't use/deploy/whatever IKEv1, but I don't really know if we (or anyone) have the power to deprecate a protocol. We are not the protocol police, and we cannot instruct people to e.g. deploy protocol foo, so I don't know if we can deprecate a protocol either -- but I suspect that this might be because I don't actually know what "IKEv1 has been deprecated" actually *means*.

Again, I'm not trying to block what this document is attempting to *do*, but rather make it clear what it is actually doing.
2022-12-13
08 Warren Kumari [Ballot Position Update] New position, Discuss, has been recorded for Warren Kumari
2022-12-12
08 Lars Eggert
[Ballot comment]
# GEN AD review of draft-ietf-ipsecme-ikev1-algo-to-historic-08

CC @larseggert

Thanks to Roni Even for the General Area Review Team (Gen-ART) review
(https://mailarchive.ietf.org/arch/msg/gen-art/rK3E1XT4aINFH14eXi90vEqPa0o).

## Nits

All comments below are about very minor potential issues that you may choose to
address in some way - or ignore - as you see fit. Some were flagged by
automated tools (via https://github.com/larseggert/ietf-reviewtool), so there
will likely be some false positives. There is no need to let me know what you
did with these suggestions.

### Typos

#### Section 4.2, paragraph 1
```
-    method was never standarized in IKEv1.  Those IKEv1 systems that
+    method was never standardized in IKEv1.  Those IKEv1 systems that
+                            +
```

### Outdated references

Reference `[RFC4306]` to `RFC4306`, which was obsoleted by `RFC5996` (this may
be on purpose).

Reference `[RFC2407]` to `RFC2407`, which was obsoleted by `RFC4306` (this may
be on purpose).

Reference `[RFC2409]` to `RFC2409`, which was obsoleted by `RFC4306` (this may
be on purpose).

Reference `[RFC2408]` to `RFC2408`, which was obsoleted by `RFC4306` (this may
be on purpose).

### URLs

These URLs point to tools.ietf.org, which has been taken out of service:

* https://tools.ietf.org/id/draft-ietf-ipsecme-labeled-ipsec-06.txt

### Grammar/style

#### Section 6, paragraph 1
```
ocument instructs IANA to add an additional Status column to the IKEv2 Transf
                          ^^^^^^^^^^^^^^^^^^^^^^^^
```
This phrase might be redundant. Consider either removing or replacing the
adjective "additional".

#### Section 7, paragraph 5
```
ment] Figure 3 Transform Type 4 - Diffie Hellman Group Transform IDs Number
                                  ^^^^^^^^^^^^^^
```
This word is normally spelled with a hyphen.

## Notes

This review is in the ["IETF Comments" Markdown format][ICMF]. You can use the
[`ietf-comments` tool][ICT] to automatically convert this review into
individual GitHub issues. Review generated by the [`ietf-reviewtool`][IRT].

[ICMF]: https://github.com/mnot/ietf-comments/blob/main/format.md
[ICT]: https://github.com/mnot/ietf-comments
[IRT]: https://github.com/larseggert/ietf-reviewtool
2022-12-12
08 Lars Eggert [Ballot Position Update] New position, No Objection, has been recorded for Lars Eggert
2022-12-12
08 Robert Wilton
[Ballot comment]
Thanks for this.  A pretty easy document, and always good to clear out old cruft.

I do wonder exactly how well understood "deprecated" is in the wider community.

E.g.,

(i) the definition of deprecated in YANG (RFC 7950) is:
  o  "deprecated" indicates an obsolete definition, but it permits
      new/continued implementation in order to foster interoperability
      with older/existing implementations.

(ii) the definition in Java is:
  A program element annotated @Deprecated is one that programmers are discouraged from using,
  typically because it is dangerous, or because a better alternative exists. Compilers warn
  when a deprecated program element is used or overridden in non-deprecated code.

I think that the definition that security uses is presumably much closer to (ii), or not even stronger in sentiment to move away from it?

I tried to search and find a definition in IANA of exactly what deprecated means, but with no luck.

Perhaps there is already a security definition of deprecated that could be referenced, or if not, it might be helpful to:
- in Section 5, unambiguously specify what is meant by deprecated.
- in Section 7, bind the definition of the Status column back to Section 5.

Regards,
Rob
2022-12-12
08 Robert Wilton [Ballot Position Update] New position, No Objection, has been recorded for Robert Wilton
2022-12-08
08 Éric Vyncke [Ballot Position Update] New position, Yes, has been recorded for Éric Vyncke
2022-12-07
08 Erik Kline
[Ballot comment]
# Internet AD comments for draft-ietf-ipsecme-ikev1-algo-to-historic-08
CC @ekline

### S3

* I think "therefore" to be more correct than "therefor" in this usage.
  (But I'll also defer to a proper grammarian. =)

* s/defacto/de facto/, perhaps
2022-12-07
08 Erik Kline [Ballot Position Update] New position, Yes, has been recorded for Erik Kline
2022-12-07
08 Paul Wouters [Ballot comment]
Historic Achievement !
2022-12-07
08 Paul Wouters [Ballot Position Update] New position, Recuse, has been recorded for Paul Wouters
2022-12-07
08 John Scudder [Ballot comment]
Nits
- “A few notably” should be “A few notable”
- “an addition Security Context selector” should be “an additional...”
- s/standarized/standardized/
2022-12-07
08 John Scudder [Ballot Position Update] New position, No Objection, has been recorded for John Scudder
2022-12-05
08 Amanda Baber IANA Review state changed to IANA OK - Actions Needed from Version Changed - Review Needed
2022-12-05
08 Roman Danyliw Placed on agenda for telechat - 2022-12-15
2022-12-05
08 Roman Danyliw Ballot has been issued
2022-12-05
08 Roman Danyliw [Ballot Position Update] New position, Yes, has been recorded for Roman Danyliw
2022-12-05
08 Roman Danyliw Created "Approve" ballot
2022-12-05
08 Roman Danyliw IESG state changed to IESG Evaluation from Waiting for Writeup
2022-12-05
08 Roman Danyliw Ballot writeup was changed
2022-11-18
08 (System) IANA Review state changed to Version Changed - Review Needed from IANA OK - Actions Needed
2022-11-18
08 Paul Wouters New version available: draft-ietf-ipsecme-ikev1-algo-to-historic-08.txt
2022-11-18
08 Paul Wouters New version accepted (logged-in submitter: Paul Wouters)
2022-11-18
08 Paul Wouters Uploaded new revision
2022-11-18
07 Mališa Vučinić Request for Last Call review by SECDIR Completed: Ready. Reviewer: Mališa Vučinić. Sent review to list.
2022-11-18
07 (System) IESG state changed to Waiting for Writeup from In Last Call
2022-11-17
07 (System) IANA Review state changed to IANA OK - Actions Needed from IANA - Review Needed
2022-11-17
07 Sabrina Tanamal
(Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs:

The IANA Functions Operator has completed its review of draft-ietf-ipsecme-ikev1-algo-to-historic-07. If any part of this review is inaccurate, please let us know.

The IANA Functions Operator has a question about one of the actions requested in the IANA Considerations section of this document.

We understand that, upon approval of this document, there are four actions which we must complete.

First, in the Transform Type 1 - Encryption Algorithm Transform IDs registry on the Internet Key Exchange Version 2 (IKEv2) Parameters registry page located at:

https://www.iana.org/assignments/ikev2-parameters/

an additional Status column will be added to the registry and the following entries will be marked DEPRECATED:

Number  Name           Status
------  -------------  ------------------------
1       ENCR_DES_IV64  DEPRECATED [ RFC-to-be ]
2       ENCR_DES       DEPRECATED [RFC8247]
4       ENCR_RC5       DEPRECATED [ RFC-to-be ]
5       ENCR_IDEA      DEPRECATED [ RFC-to-be ]
6       ENCR_CAST      DEPRECATED [ RFC-to-be ]
7       ENCR_BLOWFISH  DEPRECATED [ RFC-to-be ]
8       ENCR_3IDEA     DEPRECATED [ RFC-to-be ]
9       ENCR_DES_IV32  DEPRECATED [ RFC-to-be ]

Second, in the Transform Type 2 - Pseudorandom Function Transform IDs registry also on the Internet Key Exchange Version 2 (IKEv2) Parameters registry page located at:

https://www.iana.org/assignments/ikev2-parameters/

an additional Status column will be added to the registry and the following entries will be marked DEPRECATED:

Number  Name            Status
------  --------------  ------------------------
1       PRF_HMAC_MD5    DEPRECATED [RFC8247]
1       PRF_HMAC_TIGER  DEPRECATED [ RFC-to-be ]

IANA Question --> is the Number for the Transform Type PRF_HMAC_TIGER a typo? Should the actual number be the value 3?

Third, in the Transform Type 3 - Integrity Algorithm Transform IDs registry of the Transform Type Values registry also on the Internet Key Exchange Version 2 (IKEv2) Parameters registry page located at:

https://www.iana.org/assignments/ikev2-parameters/

an additional Status column will be added to the registry and the following entries will be marked DEPRECATED:

Number  Name                Status
------  ------------------  ------------------------
1       AUTH_HMAC_MD5_96    DEPRECATED [RFC8247]
3       AUTH_DES_MAC        DEPRECATED [RFC8247]
4       AUTH_KPDK_MD5       DEPRECATED [RFC8247]
6       AUTH_HMAC_MD5_128   DEPRECATED [ RFC-to-be ]
7       AUTH_HMAC_SHA1_160  DEPRECATED [ RFC-to-be ]

Fourth, in the Transform Type 4 - Diffie Hellman Group Transform IDs registry also on the Internet Key Exchange Version 2 (IKEv2) Parameters registry page located at:

Number  Name                                                   Status
------  -----------------------------------------------------  --------------------
1       768-bit MODP Group                                     DEPRECATED [RFC8247]
22      1024-bit MODP Group with 160-bit Prime Order Subgroup  DEPRECATED [RFC8247]

The IANA Functions Operator understands that these are the only actions required to be completed upon approval of this document.

Note:  The actions requested in this document will not be completed until the document has been approved for publication as an RFC. This message is meant only to confirm the list of actions that will be performed.

For definitions of IANA review states, please see:

https://datatracker.ietf.org/help/state/draft/iana-review

Thank you,

Sabrina Tanamal
Lead IANA Services Specialist
2022-10-30
07 Tero Kivinen Request for Last Call review by SECDIR is assigned to Mališa Vučinić
2022-10-25
07 Roni Even Request for Last Call review by GENART Completed: Ready. Reviewer: Roni Even. Sent review to list.
2022-10-20
07 Jean Mahoney Request for Last Call review by GENART is assigned to Roni Even
2022-10-14
07 Amy Vezza IANA Review state changed to IANA - Review Needed
2022-10-14
07 Amy Vezza
The following Last Call announcement was sent out (ends 2022-11-18):

From: The IESG
To: IETF-Announce
CC: draft-ietf-ipsecme-ikev1-algo-to-historic@ietf.org, ipsec@ietf.org, ipsecme-chairs@ietf.org, kivinen@iki.fi, rdd@cert.org
Reply-To: last-call@ietf.org
Sender:
Subject: Last Call:  (Deprecation of IKEv1 and obsoleted algorithms) to Proposed Standard


The IESG has received a request from the IP Security Maintenance and
Extensions WG (ipsecme) to consider the following document: - 'Deprecation of
IKEv1 and obsoleted algorithms'
  as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
last-call@ietf.org mailing lists by 2022-11-18. Exceptionally, comments may
be sent to iesg@ietf.org instead. In either case, please retain the beginning
of the Subject line to allow automated sorting.

Abstract


  Internet Key Exchange version 1 (IKEv1) has been deprecated and its
  specification in RFC2407, RFC2408 and RFC2409 have been moved to
  Historic status.  A number of old algorithms that are associated with
  IKEv1, and not widely implemented for IKEv2 are deprecated as well.
  This document updates RFC 8221 and RFC 8247 and adds a Status column
  to the IANA IKEv2 Transform Type registries that shows the
  deprecation status.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-ipsecme-ikev1-algo-to-historic/



No IPR declarations have been submitted directly on this I-D.




2022-10-14
07 Amy Vezza IESG state changed to In Last Call from Last Call Requested
2022-10-14
07 Amy Vezza Last call announcement was changed
2022-10-14
07 Roman Danyliw Last call was requested
2022-10-14
07 Roman Danyliw Last call announcement was generated
2022-10-14
07 Roman Danyliw Ballot approval text was generated
2022-10-14
07 Roman Danyliw Ballot writeup was generated
2022-10-14
07 Roman Danyliw IESG state changed to Last Call Requested from AD Evaluation::AD Followup
2022-10-11
07 (System) Changed action holders to Roman Danyliw (IESG state changed)
2022-10-11
07 (System) Sub state has been changed to AD Followup from Revised ID Needed
2022-10-11
07 Paul Wouters New version available: draft-ietf-ipsecme-ikev1-algo-to-historic-07.txt
2022-10-11
07 Paul Wouters New version accepted (logged-in submitter: Paul Wouters)
2022-10-11
07 Paul Wouters Uploaded new revision
2022-07-15
06 Roman Danyliw AD Review: https://mailarchive.ietf.org/arch/msg/ipsec/GVk-d_QatLNuBSFReb8lWBJunF8/
2022-07-15
06 (System) Changed action holders to Roman Danyliw, Paul Wouters (IESG state changed)
2022-07-15
06 Roman Danyliw IESG state changed to AD Evaluation::Revised I-D Needed from Publication Requested
2022-06-11
06 Tero Kivinen
# Document Shepherd Writeup

*This version is dated 8 April 2022.*

Thank you for your service as a document shepherd. Among the responsibilities is
answering the questions in this writeup to give helpful context to Last Call and
Internet Engineering Steering Group ([IESG][1]) reviewers, and your diligence in
completing it, is appreciated. The full role of the shepherd is further
described in [RFC 4858][2], and informally. You will need the cooperation of
authors to complete these checks.

Note that some numbered items contain multiple related questions; please be sure
to answer all of them.

## Document History

1. Does the working group (WG) consensus represent the strong concurrence of a
  few individuals, with others being silent, or did it reach broad agreement?

There is broad agreement in the WG to go forward with this draft.

2. Was there controversy about particular points, or were there decisions where
  the consensus was particularly rough?

There have been few individuals complaining about some of the wordings
describing the reasons of moving IKEv1 to historic, but I think
we managed to reach consensus on the wording.

3. Has anyone threatened an appeal or otherwise indicated extreme discontent? If
  so, please summarize the areas of conflict in separate email messages to the
  responsible Area Director. (It should be in a separate email because this
  questionnaire is publicly available.)

No.

4. For protocol documents, are there existing implementations of the contents of
  the document? Have a significant number of potential implementers indicated
  plans to implement? Are any existing implementations reported somewhere,
  either in the document itself (as [RFC 7942][3] recommends) or elsewhere
  (where)?

This is moving the old, very widely implemented protocol IKEv1, which has already
been replaced and obsoleted by IKEv2 in 2005, to historic status and also
deprecates several weak or unspecified algorithms used by it. Thus there
are lots of implementations out there and this document allows implementors
to remove their support for the old IKEv1 protocol, by giving a stronger signal
that it is past time to migrate any IKEv1 left to IKEv2.

### Additional Reviews

5. Does this document need review from other IETF working groups or external
  organizations? Have those reviews occurred?

No.

6. Describe how the document meets any required formal expert review criteria,
  such as the MIB Doctor, YANG Doctor, media type, and URI type reviews.

Not applicable.

7. If the document contains a YANG module, has the final version of the module
  been checked with any of the [recommended validation tools][4] for syntax and
  formatting validation? If there are any resulting errors or warnings, what is
  the justification for not fixing them at this time? Does the YANG module
  comply with the Network Management Datastore Architecture (NMDA) as specified
  in [RFC 8342][5]?

The document does not contain a YANG module.

8. Describe reviews and automated checks performed to validate sections of the
  final version of the document written in a formal language, such as XML code,
  BNF rules, MIB definitions, CBOR's CDDL, etc.

None needed.

### Document Shepherd Checks

9. Based on the shepherd's review of the document, is it their opinion that this
  document is needed, clearly written, complete, correctly designed, and ready
  to be handed off to the responsible Area Director?

Yes.

10. Several IETF Areas have assembled [lists of common issues that their
    reviewers encounter][6]. Do any such issues remain that would merit specific
    attention from subsequent reviews?

Security area has already been reviewing this document.

11. What type of RFC publication is being requested on the IETF stream (Best
    Current Practice, Proposed Standard, Internet Standard, Informational,
    Experimental, or Historic)? Why is this the proper type of RFC? Do all
    Datatracker state attributes correctly reflect this intent?

This document contains rationale why to move IKEv1 to historic status, and
should be combined with the IESG action document that moves IKEv1 (RFC2407,
RFC2408 and RFC2409) to Historic status. This document also includes
deprecation of several weak or unspecified cryptographic algorithms, and
because of that needs to be published as an RFC.

12. Has the interested community confirmed that any and all appropriate IPR
    disclosures required by [BCP 78][7] and [BCP 79][8] have been filed? If not,
    explain why. If yes, summarize any discussion and conclusion regarding the
    intellectual property rights (IPR) disclosures, including links to relevant
    emails.

The author and their employer(s) have no IPR. No one else claimed IPR
and it seemed to be impossible to have IPR on this.

13. Has each Author or Contributor confirmed their willingness to be listed as
    such? If the number of Authors/Editors on the front page is greater than 5,
    please provide a justification.

Yes.

14. Identify any remaining I-D nits in this document. (See [the idnits tool][9]
    and the checkbox items found in Guidelines to Authors of Internet-Drafts).
    Simply running the idnits tool is not enough; please review the entire
    guidelines document.

The abstract does not directly mention the RFCs this document is updating.
Those documents are the RFCs listing mandatory to implement algorithms
and the abstract does say "A number of old algorithms that are associated
with IKEv1, and not widely implemented for IKEv2 are deprecated as well."

15. Should any informative references be normative or vice-versa?

Yes.

16. List any normative references that are not freely available to anyone. Did
    the community have sufficient access to review any such normative
    references?

All of the normative references are RFCs.

17. Are there any normative downward references (see [RFC 3967][10],
    [BCP 97][11])? If so, list them.

No.

18. Are there normative references to documents that are not ready for
    advancement or are otherwise in an unclear state? If they exist, what is the
    plan for their completion?

No.

19. Will publication of this document change the status of any existing RFCs? If
    so, does the Datatracker metadata correctly reflect this and are those RFCs
    listed on the title page, in the abstract, and discussed in the
    introduction? If not, explain why and point to the part of the document
    where the relationship of this document to these other RFCs is discussed.

Yes. It moves IKEv1 to Historic, which needs an associated IESG action document
to do the actual change of status of those RFCs (RFC2407, RFC2408, and RFC2409).

It also lists updating RFC8221 and RFC8247, which are IKEv2 documents that list
mandatory to implement cryptographic algorithms for IKEv2, because it marks
several of those algorithms as DEPRECATED.

20. Describe the document shepherd's review of the IANA considerations section,
    especially with regard to its consistency with the body of the document.
    Confirm that all aspects of the document requiring IANA assignments are
    associated with the appropriate reservations in IANA registries. Confirm
    that any referenced IANA registries have been clearly identified. Confirm
    that each newly created IANA registry specifies its initial contents,
    allocations procedures, and a reasonable name (see [RFC 8126][12]).

This document adds a new column to the IKEv2 cryptographic algorithms
IANA registry, and will mark some of the algorithms in those registries
as DEPRECATED.

21. List any new IANA registries that require Designated Expert Review for
    future allocations. Are the instructions to the Designated Expert clear?
    Please include suggestions of designated experts, if appropriate.

This document does not create new IANA registries.

[1]: https://www.ietf.org/about/groups/iesg/
[2]: https://www.rfc-editor.org/rfc/rfc4858.html
[3]: https://www.rfc-editor.org/rfc/rfc7942.html
[4]: https://trac.ietf.org/trac/ops/wiki/yang-review-tools
[5]: https://www.rfc-editor.org/rfc/rfc8342.html
[6]: https://trac.ietf.org/trac/iesg/wiki/ExpertTopics
[7]: https://www.rfc-editor.org/info/bcp78
[8]: https://www.rfc-editor.org/info/bcp79
[9]: https://www.ietf.org/tools/idnits/
[10]: https://www.rfc-editor.org/rfc/rfc3967.html
[11]: https://www.rfc-editor.org/info/bcp97
[12]: https://www.rfc-editor.org/rfc/rfc8126.html

2022-06-11
06 Tero Kivinen Responsible AD changed to Roman Danyliw
2022-06-11
06 Tero Kivinen IETF WG state changed to Submitted to IESG for Publication from WG Consensus: Waiting for Write-Up
2022-06-11
06 Tero Kivinen IESG state changed to Publication Requested from I-D Exists
2022-06-11
06 Tero Kivinen IESG process started in state Publication Requested
2022-06-11
06 Tero Kivinen Tag Revised I-D Needed - Issue raised by WGLC cleared.
2022-06-11
06 Tero Kivinen
# Document Shepherd Writeup

*This version is dated 8 April 2022.*

Thank you for your service as a document shepherd. Among the responsibilities is
answering the questions in this writeup to give helpful context to Last Call and
Internet Engineering Steering Group ([IESG][1]) reviewers, and your diligence in
completing it, is appreciated. The full role of the shepherd is further
described in [RFC 4858][2], and informally. You will need the cooperation of
authors to complete these checks.

Note that some numbered items contain multiple related questions; please be sure
to answer all of them.

## Document History

1. Does the working group (WG) consensus represent the strong concurrence of a
  few individuals, with others being silent, or did it reach broad agreement?

There is broad agreement in the WG to go forward with this draft.

2. Was there controversy about particular points, or were there decisions where
  the consensus was particularly rough?

There have been few individuals complaining about some of the wordings
describing the reasons of moving IKEv1 to historic, but I think
we managed to reach consensus on the wording.

3. Has anyone threatened an appeal or otherwise indicated extreme discontent? If
  so, please summarize the areas of conflict in separate email messages to the
  responsible Area Director. (It should be in a separate email because this
  questionnaire is publicly available.)

No.

4. For protocol documents, are there existing implementations of the contents of
  the document? Have a significant number of potential implementers indicated
  plans to implement? Are any existing implementations reported somewhere,
  either in the document itself (as [RFC 7942][3] recommends) or elsewhere
  (where)?

This is moving the old, very widely implemented protocol IKEv1, which has already
been replaced and obsoleted by IKEv2 in 2005, to historic status and also
deprecates several weak or unspecified algorithms used by it. Thus there
are lots of implementations out there and this document allows implementors
to remove their support for the old IKEv1 protocol, by giving a stronger signal
that it is past time to migrate any IKEv1 left to IKEv2.

### Additional Reviews

5. Does this document need review from other IETF working groups or external
  organizations? Have those reviews occurred?

No.

6. Describe how the document meets any required formal expert review criteria,
  such as the MIB Doctor, YANG Doctor, media type, and URI type reviews.

Not applicable.

7. If the document contains a YANG module, has the final version of the module
  been checked with any of the [recommended validation tools][4] for syntax and
  formatting validation? If there are any resulting errors or warnings, what is
  the justification for not fixing them at this time? Does the YANG module
  comply with the Network Management Datastore Architecture (NMDA) as specified
  in [RFC 8342][5]?

The document does not contain a YANG module.

8. Describe reviews and automated checks performed to validate sections of the
  final version of the document written in a formal language, such as XML code,
  BNF rules, MIB definitions, CBOR's CDDL, etc.

None needed.

### Document Shepherd Checks

9. Based on the shepherd's review of the document, is it their opinion that this
  document is needed, clearly written, complete, correctly designed, and ready
  to be handed off to the responsible Area Director?

Yes.

10. Several IETF Areas have assembled [lists of common issues that their
    reviewers encounter][6]. Do any such issues remain that would merit specific
    attention from subsequent reviews?

Security area has already been reviewing this document.

11. What type of RFC publication is being requested on the IETF stream (Best
    Current Practice, Proposed Standard, Internet Standard, Informational,
    Experimental, or Historic)? Why is this the proper type of RFC? Do all
    Datatracker state attributes correctly reflect this intent?

This document contains the rationale for moving IKEv1 to historic status, and
should be combined with the IESG action document that moves IKEv1 (RFC2407,
RFC2408 and RFC2409) to Historic status. This document also includes the
deprecation of several weak or unspecified cryptographic algorithms, and
because of that needs to be published as an RFC.

12. Has the interested community confirmed that any and all appropriate IPR
    disclosures required by [BCP 78][7] and [BCP 79][8] have been filed? If not,
    explain why. If yes, summarize any discussion and conclusion regarding the
    intellectual property rights (IPR) disclosures, including links to relevant
    emails.

The author and their employer(s) have no IPR. No one else claimed IPR
and it seemed to be impossible to have IPR on this.

13. Has each Author or Contributor confirmed their willingness to be listed as
    such? If the number of Authors/Editors on the front page is greater than 5,
    please provide a justification.

Yes.

14. Identify any remaining I-D nits in this document. (See [the idnits tool][9]
    and the checkbox items found in Guidelines to Authors of Internet-Drafts).
    Simply running the idnits tool is not enough; please review the entire
    guidelines document.

The abstract does not directly mention the RFCs this document is updating.
Those documents are the RFCs listing mandatory-to-implement algorithms,
and the abstract does say "A number of old algorithms that are associated
with IKEv1, and not widely implemented for IKEv2 are deprecated as well."

15. Should any informative references be normative or vice-versa?

Yes.

16. List any normative references that are not freely available to anyone. Did
    the community have sufficient access to review any such normative
    references?

All of the normative references are RFCs.

17. Are there any normative downward references (see [RFC 3967][10],
    [BCP 97][11])? If so, list them.

No.

18. Are there normative references to documents that are not ready for
    advancement or are otherwise in an unclear state? If they exist, what is the
    plan for their completion?

No.

19. Will publication of this document change the status of any existing RFCs? If
    so, does the Datatracker metadata correctly reflect this and are those RFCs
    listed on the title page, in the abstract, and discussed in the
    introduction? If not, explain why and point to the part of the document
    where the relationship of this document to these other RFCs is discussed.

Yes. It moves IKEv1 to Historic, which needs an associated IESG action document
to do the actual change of status of those RFCs (RFC2407, RFC2408, and RFC2409).

It also lists updating RFC8221 and RFC8247, which are IKEv2 documents that list
mandatory-to-implement cryptographic algorithms for IKEv2, because it marks
several of those algorithms as DEPRECATED.

20. Describe the document shepherd's review of the IANA considerations section,
    especially with regard to its consistency with the body of the document.
    Confirm that all aspects of the document requiring IANA assignments are
    associated with the appropriate reservations in IANA registries. Confirm
    that any referenced IANA registries have been clearly identified. Confirm
    that each newly created IANA registry specifies its initial contents,
    allocations procedures, and a reasonable name (see [RFC 8126][12]).

This document adds a new column to the IKEv2 cryptographic algorithms
IANA registry, and will mark some of the algorithms in those registries
as DEPRECATED.

21. List any new IANA registries that require Designated Expert Review for
    future allocations. Are the instructions to the Designated Expert clear?
    Please include suggestions of designated experts, if appropriate.

This document does not create new IANA registries.

[1]: https://www.ietf.org/about/groups/iesg/
[2]: https://www.rfc-editor.org/rfc/rfc4858.html
[3]: https://www.rfc-editor.org/rfc/rfc7942.html
[4]: https://trac.ietf.org/trac/ops/wiki/yang-review-tools
[5]: https://www.rfc-editor.org/rfc/rfc8342.html
[6]: https://trac.ietf.org/trac/iesg/wiki/ExpertTopics
[7]: https://www.rfc-editor.org/info/bcp78
[8]: https://www.rfc-editor.org/info/bcp79
[9]: https://www.ietf.org/tools/idnits/
[10]: https://www.rfc-editor.org/rfc/rfc3967.html
[11]: https://www.rfc-editor.org/info/bcp97
[12]: https://www.rfc-editor.org/rfc/rfc8126.html

2022-06-10
06 Paul Wouters New version available: draft-ietf-ipsecme-ikev1-algo-to-historic-06.txt
2022-06-10
06 Paul Wouters New version accepted (logged-in submitter: Paul Wouters)
2022-06-10
06 Paul Wouters Uploaded new revision
2022-06-07
05 Paul Wouters New version available: draft-ietf-ipsecme-ikev1-algo-to-historic-05.txt
2022-06-07
05 Paul Wouters New version accepted (logged-in submitter: Paul Wouters)
2022-06-07
05 Paul Wouters Uploaded new revision
2022-06-07
04 Paul Wouters New version available: draft-ietf-ipsecme-ikev1-algo-to-historic-04.txt
2022-06-07
04 Paul Wouters New version accepted (logged-in submitter: Paul Wouters)
2022-06-07
04 Paul Wouters Uploaded new revision
2022-06-07
03 Tero Kivinen
# Document Shepherd Writeup

*This version is dated 8 April 2022.*

Thank you for your service as a document shepherd. Among the responsibilities is
answering the questions in this writeup to give helpful context to Last Call and
Internet Engineering Steering Group ([IESG][1]) reviewers, and your diligence in
completing it is appreciated. The full role of the shepherd is further
described in [RFC 4858][2], and informally. You will need the cooperation of
authors to complete these checks.

Note that some numbered items contain multiple related questions; please be sure
to answer all of them.

## Document History

1. Does the working group (WG) consensus represent the strong concurrence of a
  few individuals, with others being silent, or did it reach broad agreement?

There is broad agreement in the WG to go forward with this draft.

2. Was there controversy about particular points, or were there decisions where
  the consensus was particularly rough?

There have been a few individuals complaining about some of the wording
describing the reasons for moving IKEv1 to historic, but I think
we managed to reach consensus on the wording.

3. Has anyone threatened an appeal or otherwise indicated extreme discontent? If
  so, please summarize the areas of conflict in separate email messages to the
  responsible Area Director. (It should be in a separate email because this
  questionnaire is publicly available.)

No.

4. For protocol documents, are there existing implementations of the contents of
  the document? Have a significant number of potential implementers indicated
  plans to implement? Are any existing implementations reported somewhere,
  either in the document itself (as [RFC 7942][3] recommends) or elsewhere
  (where)?

This is moving the old, very widely implemented IKEv1 protocol, which was already
replaced and obsoleted by IKEv2 in 2005, to historic status. Thus there
are lots of implementations out there, and this document allows implementors
to remove their support for the old IKEv1 protocol by giving a stronger signal
that it is past time to migrate any IKEv1 left to IKEv2.

### Additional Reviews

5. Does this document need review from other IETF working groups or external
  organizations? Have those reviews occurred?

No.

6. Describe how the document meets any required formal expert review criteria,
  such as the MIB Doctor, YANG Doctor, media type, and URI type reviews.

Not applicable.

7. If the document contains a YANG module, has the final version of the module
  been checked with any of the [recommended validation tools][4] for syntax and
  formatting validation? If there are any resulting errors or warnings, what is
  the justification for not fixing them at this time? Does the YANG module
  comply with the Network Management Datastore Architecture (NMDA) as specified
  in [RFC 8342][5]?

The document does not contain a YANG module.

8. Describe reviews and automated checks performed to validate sections of the
  final version of the document written in a formal language, such as XML code,
  BNF rules, MIB definitions, CBOR's CDDL, etc.

None needed.

### Document Shepherd Checks

9. Based on the shepherd's review of the document, is it their opinion that this
  document is needed, clearly written, complete, correctly designed, and ready
  to be handed off to the responsible Area Director?

Yes.

10. Several IETF Areas have assembled [lists of common issues that their
    reviewers encounter][6]. Do any such issues remain that would merit specific
    attention from subsequent reviews?

Security area has already been reviewing this document.

11. What type of RFC publication is being requested on the IETF stream (Best
    Current Practice, Proposed Standard, Internet Standard, Informational,
    Experimental, or Historic)? Why is this the proper type of RFC? Do all
    Datatracker state attributes correctly reflect this intent?

This document will be moving IKEv1 to historic status, and is marked as
proposed standard. It also updates the IANA registries by moving several
old and insecure algorithms to DEPRECATED status.

12. Has the interested community confirmed that any and all appropriate IPR
    disclosures required by [BCP 78][7] and [BCP 79][8] have been filed? If not,
    explain why. If yes, summarize any discussion and conclusion regarding the
    intellectual property rights (IPR) disclosures, including links to relevant
    emails.

The author and their employer(s) have no IPR. No one else claimed IPR
and it seemed to be impossible to have IPR on this.

13. Has each Author or Contributor confirmed their willingness to be listed as
    such? If the number of Authors/Editors on the front page is greater than 5,
    please provide a justification.

Yes.

14. Identify any remaining I-D nits in this document. (See [the idnits tool][9]
    and the checkbox items found in Guidelines to Authors of Internet-Drafts).
    Simply running the idnits tool is not enough; please review the entire
    guidelines document.

The abstract does not directly mention the RFCs this document is updating.
Those documents are the RFCs listing mandatory-to-implement algorithms,
and the abstract does say "A number of old algorithms that are associated
with IKEv1, and not widely implemented for IKEv2 are deprecated as well."

15. Should any informative references be normative or vice-versa?

Yes. Shepherd requested some changes to the informative / normative references
split.

16. List any normative references that are not freely available to anyone. Did
    the community have sufficient access to review any such normative
    references?

All of the normative references are RFCs.

17. Are there any normative downward references (see [RFC 3967][10],
    [BCP 97][11])? If so, list them.

No.

18. Are there normative references to documents that are not ready for
    advancement or are otherwise in an unclear state? If they exist, what is the
    plan for their completion?

No.

19. Will publication of this document change the status of any existing RFCs? If
    so, does the Datatracker metadata correctly reflect this and are those RFCs
    listed on the title page, in the abstract, and discussed in the
    introduction? If not, explain why and point to the part of the document
    where the relationship of this document to these other RFCs is discussed.

Yes. It moves IKEv1 to Historic which will change the status of those RFCs.

It also lists updating RFC7296, RFC8221, RFC8247. Shepherd does not see why
this document should be updating RFC7296.

20. Describe the document shepherd's review of the IANA considerations section,
    especially with regard to its consistency with the body of the document.
    Confirm that all aspects of the document requiring IANA assignments are
    associated with the appropriate reservations in IANA registries. Confirm
    that any referenced IANA registries have been clearly identified. Confirm
    that each newly created IANA registry specifies its initial contents,
    allocations procedures, and a reasonable name (see [RFC 8126][12]).

This document adds a new column to the IKEv2 cryptographic algorithms
IANA registry, and will mark some of the algorithms in those registries
as DEPRECATED.

21. List any new IANA registries that require Designated Expert Review for
    future allocations. Are the instructions to the Designated Expert clear?
    Please include suggestions of designated experts, if appropriate.

This document does not create new IANA registries.

[1]: https://www.ietf.org/about/groups/iesg/
[2]: https://www.rfc-editor.org/rfc/rfc4858.html
[3]: https://www.rfc-editor.org/rfc/rfc7942.html
[4]: https://trac.ietf.org/trac/ops/wiki/yang-review-tools
[5]: https://www.rfc-editor.org/rfc/rfc8342.html
[6]: https://trac.ietf.org/trac/iesg/wiki/ExpertTopics
[7]: https://www.rfc-editor.org/info/bcp78
[8]: https://www.rfc-editor.org/info/bcp79
[9]: https://www.ietf.org/tools/idnits/
[10]: https://www.rfc-editor.org/rfc/rfc3967.html
[11]: https://www.rfc-editor.org/info/bcp97
[12]: https://www.rfc-editor.org/rfc/rfc8126.html

2022-06-07
03 Tero Kivinen Notification list changed to kivinen@iki.fi because the document shepherd was set
2022-06-07
03 Tero Kivinen Document shepherd changed to Tero Kivinen
2022-04-29
03 Paul Wouters New version available: draft-ietf-ipsecme-ikev1-algo-to-historic-03.txt
2022-04-29
03 Paul Wouters New version accepted (logged-in submitter: Paul Wouters)
2022-04-29
03 Paul Wouters Uploaded new revision
2022-04-28
02 (System) Document has expired
2021-10-25
02 Paul Wouters New version available: draft-ietf-ipsecme-ikev1-algo-to-historic-02.txt
2021-10-25
02 (System) New version accepted (logged-in submitter: Paul Wouters)
2021-10-25
02 Paul Wouters Uploaded new revision
2021-08-16
01 Tero Kivinen Tag Revised I-D Needed - Issue raised by WGLC set.
2021-08-16
01 Tero Kivinen IETF WG state changed to WG Consensus: Waiting for Write-Up from In WG Last Call
2021-06-27
01 Paul Wouters New version available: draft-ietf-ipsecme-ikev1-algo-to-historic-01.txt
2021-06-27
01 (System) New version accepted (logged-in submitter: Paul Wouters)
2021-06-27
01 Paul Wouters Uploaded new revision
2021-06-26
00 Yoav Nir WGLC ends July 12th
2021-06-26
00 Yoav Nir IETF WG state changed to In WG Last Call from WG Document
2021-06-26
00 Yoav Nir Changed consensus to Yes from Unknown
2021-06-26
00 Yoav Nir Intended Status changed to Proposed Standard from None
2021-04-28
00 Yoav Nir This document now replaces draft-pwouters-ikev1-ipsec-graveyard instead of None
2021-04-28
00 Paul Wouters New version available: draft-ietf-ipsecme-ikev1-algo-to-historic-00.txt
2021-04-28
00 (System) WG -00 approved
2021-04-28
00 Paul Wouters Set submitter to "Paul Wouters ", replaces to draft-pwouters-ikev1-ipsec-graveyard and sent approval email to group chairs: ipsecme-chairs@ietf.org
2021-04-28
00 Paul Wouters Uploaded new revision