Signature Authentication in the Internet Key Exchange Version 2 (IKEv2)
draft-kivinen-ipsecme-signature-auth-07
Document history
Date | Rev. | By | Action |
---|---|---|---|
2015-01-05 | 07 | (System) | RFC Editor state changed to AUTH48-DONE from AUTH48 |
2014-12-15 | 07 | (System) | RFC Editor state changed to AUTH48 from RFC-EDITOR |
2014-12-03 | 07 | (System) | IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor |
2014-12-03 | 07 | (System) | RFC Editor state changed to RFC-EDITOR from IANA |
2014-12-02 | 07 | (System) | IANA Action state changed to Waiting on RFC Editor from In Progress |
2014-12-02 | 07 | (System) | IANA Action state changed to In Progress from Waiting on Authors |
2014-12-02 | 07 | (System) | IANA Action state changed to Waiting on Authors from In Progress |
2014-12-01 | 07 | (System) | IANA Action state changed to In Progress from Waiting on ADs |
2014-11-21 | 07 | (System) | RFC Editor state changed to IANA from EDIT |
2014-10-29 | 07 | Amy Vezza | IESG state changed to RFC Ed Queue from Approved-announcement sent |
2014-10-28 | 07 | (System) | RFC Editor state changed to EDIT |
2014-10-28 | 07 | (System) | Announcement was received by RFC Editor |
2014-10-28 | 07 | (System) | IANA Action state changed to Waiting on ADs |
2014-10-27 | 07 | Amy Vezza | IESG state changed to Approved-announcement sent from Approved-announcement to be sent::Point Raised - writeup needed |
2014-10-27 | 07 | Amy Vezza | IESG has approved the document |
2014-10-27 | 07 | Amy Vezza | Closed "Approve" ballot |
2014-10-27 | 07 | Amy Vezza | Ballot approval text was generated |
2014-08-18 | 07 | Gunter Van de Velde | Closed request for Last Call review by OPSDIR with state 'No Response' |
2014-08-15 | 07 | Tero Kivinen | Closed request for Last Call review by SECDIR with state 'No Response' |
2014-08-07 | 07 | Cindy Morgan | IESG state changed to Approved-announcement to be sent::Point Raised - writeup needed from IESG Evaluation |
2014-08-07 | 07 | Joel Jaeggli | [Ballot Position Update] New position, No Objection, has been recorded for Joel Jaeggli |
2014-08-06 | 07 | Spencer Dawkins | [Ballot Position Update] New position, No Objection, has been recorded for Spencer Dawkins |
2014-08-06 | 07 | Pete Resnick | [Ballot Position Update] New position, No Objection, has been recorded for Pete Resnick |
2014-08-06 | 07 | Jari Arkko | [Ballot Position Update] New position, No Objection, has been recorded for Jari Arkko |
2014-08-06 | 07 | Stephen Farrell | [Ballot Position Update] New position, No Objection, has been recorded for Stephen Farrell |
2014-08-06 | 07 | Richard Barnes | [Ballot comment] Thanks for re-using PKIX algorithm identifiers instead of inventing new ones! |
2014-08-06 | 07 | Richard Barnes | [Ballot Position Update] New position, Yes, has been recorded for Richard Barnes |
2014-08-06 | 07 | Alissa Cooper | [Ballot Position Update] New position, No Objection, has been recorded for Alissa Cooper |
2014-08-05 | 07 | Martin Stiemerling | [Ballot Position Update] New position, No Objection, has been recorded for Martin Stiemerling |
2014-08-04 | 07 | Brian Haberman | [Ballot comment] I have the same question as Barry. |
2014-08-04 | 07 | Brian Haberman | Ballot comment text updated for Brian Haberman |
2014-08-04 | 07 | Barry Leiba | [Ballot comment] -- Section 5 -- This section provides three ways by which the responder can select an appropriate key pair type, but gives little guidance about how to go about the process. What happens if the different methods give different results? Should they be applied in a particular order? Why does this specification not cover this? |
2014-08-04 | 07 | Barry Leiba | [Ballot Position Update] New position, No Objection, has been recorded for Barry Leiba |
2014-08-04 | 07 | Adrian Farrel | [Ballot Position Update] New position, No Objection, has been recorded for Adrian Farrel |
2014-08-04 | 07 | Brian Haberman | [Ballot Position Update] New position, No Objection, has been recorded for Brian Haberman |
2014-08-02 | 07 | Brian Carpenter | Request for Telechat review by GENART Completed: Ready. Reviewer: Brian Carpenter. |
2014-07-31 | 07 | Jean Mahoney | Request for Telechat review by GENART is assigned to Brian Carpenter |
2014-07-31 | 07 | Jean Mahoney | Request for Telechat review by GENART is assigned to Brian Carpenter |
2014-07-24 | 07 | (System) | IANA Review state changed to IANA OK - Actions Needed from Version Changed - Review Needed |
2014-07-24 | 07 | Kathleen Moriarty | IESG state changed to IESG Evaluation from Waiting for AD Go-Ahead |
2014-07-24 | 07 | Kathleen Moriarty | Ballot has been issued |
2014-07-24 | 07 | Kathleen Moriarty | [Ballot Position Update] New position, Yes, has been recorded for Kathleen Moriarty |
2014-07-24 | 07 | Kathleen Moriarty | Created "Approve" ballot |
2014-07-24 | 07 | Kathleen Moriarty | Ballot writeup was changed |
2014-07-24 | 07 | Kathleen Moriarty | Placed on agenda for telechat - 2014-08-07 |
2014-07-24 | 07 | Kathleen Moriarty | Ballot writeup was changed |
2014-07-24 | 07 | Kathleen Moriarty | Tags Other - see Comment Log, Doc Shepherd Follow-up Underway cleared. |
2014-07-24 | 07 | Kathleen Moriarty | IESG state changed to Waiting for AD Go-Ahead from Waiting for Writeup |
2014-07-21 | 07 | Paul Hoffman | Shepherd Writeup for draft-kivinen-ipsecme-signature-auth-06 1. Summary Paul Hoffman (IPsecME WG co-chair) is the document shepherd and Kathleen Moriarty is the responsible AD. This document generalizes the IKEv2 signature support so it can support any signature method supported by the PKIX and also adds signature hash algorithm negotiation. This means that all types of signatures, not just RSA and ECDSA, and any type of elliptic curves can be supported. Given that this is a protocol extension, it is meant to be a Proposed Standard. 2. Review and Consensus The WG discussion of the document was very good, with wide consensus for adoption. There were no objections to adoption. There were only a few small changes requested during IETF Last Call, and the authors made them. 3. Intellectual Property The author has stated that their direct, personal knowledge of any IPR related to this document has already been disclosed, in conformance with BCPs 78 and 79. 4. Other Points There are no normative downrefs. The IANA Considerations are short and to the point. The new registry is by expert review, and the document author is extremely likely to become the expert reviewer. The draft went through an extensive editorial revision after WG Last Call, and that version was last called again in the WG. Joel Snyder was added as co-author. |
2014-07-21 | 07 | Tero Kivinen | IANA Review state changed to Version Changed - Review Needed from IANA OK - Actions Needed |
2014-07-21 | 07 | Tero Kivinen | New version available: draft-kivinen-ipsecme-signature-auth-07.txt |
2014-07-15 | 06 | (System) | IESG state changed to Waiting for Writeup from In Last Call |
2014-07-10 | 06 | (System) | IANA Review state changed to IANA OK - Actions Needed from IANA - Review Needed |
2014-07-10 | 06 | Pearl Liang | IESG/Authors/WG Chairs: IANA has reviewed draft-kivinen-ipsecme-signature-auth-06. Authors should review the comments and/or questions below. Please report any inaccuracies and respond to any questions as soon as possible. We received the following comments/questions from the IANA's reviewer: IANA understands that, upon approval of this document, there are three actions which IANA must complete. First, in the Internet Key Exchange Version 2 (IKEv2) Parameters registry located at: www.iana.org/assignments/ikev2-parameters/ a new subregistry will be created called the IKEv2 Hash Algorithms registry. Maintenance of the new subregistry is to be done through Expert Review as defined by RFC 5226. Values 0 through 4 are the subject of initial registrations. Values 5-1023 are not yet registered. Values 1024-65535 are available for private use as defined by RFC 5226. There are initial registrations in this new subregistry as follows (Hash Algorithm, Value, Reference): RESERVED, 0, [ RFC-to-be ]; SHA1, 1, [ RFC-to-be ]; SHA2-256, 2, [ RFC-to-be ]; SHA2-384, 3, [ RFC-to-be ]; SHA2-512, 4, [ RFC-to-be ]. Second, in the IKEv2 Notify Message Types - Status Types subregistry of the Internet Key Exchange Version 2 (IKEv2) Parameters registry located at: www.iana.org/assignments/ikev2-parameters/ a new status type is to be added as follows: Value: [ TBD-at-registration ] Notify Messages - Status Types: SIGNATURE_HASH_ALGORITHMS Reference: [ RFC-to-be ] Third, in the IKEv2 Authentication Method subregistry also in the Internet Key Exchange Version 2 (IKEv2) Parameters registry located at: www.iana.org/assignments/ikev2-parameters/ a new authentication method is to be registered as follows: Value: [ TBD-at-registration ] Authentication Method: Digital Signature Reference: [ RFC-to-be ] IANA understands that these three actions are the only ones required to be completed upon approval of this document. Note: The actions requested in this document will not be completed until the document has been approved for publication as an RFC. This message is only to confirm what actions will be performed. |
2014-07-06 | 06 | Brian Carpenter | Request for Last Call review by GENART Completed: Almost Ready. Reviewer: Brian Carpenter. |
2014-07-06 | 06 | Gunter Van de Velde | Request for Last Call review by OPSDIR is assigned to Lionel Morand |
2014-07-06 | 06 | Gunter Van de Velde | Request for Last Call review by OPSDIR is assigned to Lionel Morand |
2014-07-03 | 06 | Jean Mahoney | Request for Last Call review by GENART is assigned to Brian Carpenter |
2014-07-03 | 06 | Jean Mahoney | Request for Last Call review by GENART is assigned to Brian Carpenter |
2014-07-03 | 06 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Ondřej Surý |
2014-07-03 | 06 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Ondřej Surý |
2014-07-01 | 06 | Cindy Morgan | IANA Review state changed to IANA - Review Needed |
2014-07-01 | 06 | Cindy Morgan | The following Last Call announcement was sent out: From: The IESG To: IETF-Announce CC: Reply-To: ietf@ietf.org Sender: Subject: Last Call: (Signature Authentication in IKEv2) to Proposed Standard The IESG has received a request from the IP Security Maintenance and Extensions WG (ipsecme) to consider the following document: - 'Signature Authentication in IKEv2' as Proposed Standard The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2014-07-15. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract The Internet Key Exchange Version 2 (IKEv2) protocol has limited support for the Elliptic Curve Digital Signature Algorithm (ECDSA). The current version only includes support for three Elliptic Curve groups, and there is a fixed hash algorithm tied to each group. This document generalizes IKEv2 signature support to allow any signature method supported by the PKIX and also adds signature hash algorithm negotiation. This is a generic mechanism, and is not limited to ECDSA, but can also be used with other signature algorithms. The file can be obtained via http://datatracker.ietf.org/doc/draft-kivinen-ipsecme-signature-auth/ IESG discussion can be tracked via http://datatracker.ietf.org/doc/draft-kivinen-ipsecme-signature-auth/ballot/ No IPR declarations have been submitted directly on this I-D. This draft updates RFC5996, however RFC5996 is in process of being updated in RFC5996-bis and will likely be published before this draft. Each mention of RFC5996 should be replaced with the new RFC number for RFC5996-bis once a number has been assigned. |
2014-07-01 | 06 | Cindy Morgan | IESG state changed to In Last Call from Last Call Requested |
2014-07-01 | 06 | Kathleen Moriarty | Last call was requested |
2014-07-01 | 06 | Kathleen Moriarty | Ballot approval text was generated |
2014-07-01 | 06 | Kathleen Moriarty | Ballot writeup was generated |
2014-07-01 | 06 | Kathleen Moriarty | IESG state changed to Last Call Requested from AD Evaluation |
2014-07-01 | 06 | Kathleen Moriarty | Last call announcement was changed |
2014-07-01 | 06 | Kathleen Moriarty | Last call announcement was generated |
2014-07-01 | 06 | Kathleen Moriarty | Last call announcement was changed |
2014-07-01 | 06 | Kathleen Moriarty | Last call announcement was changed |
2014-07-01 | 06 | Stephen Farrell | Last call announcement was generated |
2014-06-30 | 06 | Kathleen Moriarty | IESG state changed to AD Evaluation from Publication Requested |
2014-05-14 | 06 | Paul Hoffman | Shepherd Writeup for draft-kivinen-ipsecme-signature-auth-06 1. Summary Paul Hoffman (IPsecME WG co-chair) is the document shepherd and Kathleen Moriarty is the responsible AD. This document generalizes the IKEv2 signature support so it can support any signature method supported by the PKIX and also adds signature hash algorithm negotiation. This means that all types of signatures, not just RSA and ECDSA, and any type of elliptic curves can be supported. Given that this is a protocol extension, it is meant to be a Proposed Standard. 2. Review and Consensus The WG discussion of the document was very good, with wide consensus for adoption. There were no objections to adoption. 3. Intellectual Property The author has stated that their direct, personal knowledge of any IPR related to this document has already been disclosed, in conformance with BCPs 78 and 79. 4. Other Points There are no normative downrefs. The IANA Considerations are short and to the point. The new registry is by expert review, and the document author is extremely likely to become the expert reviewer. The draft went through an extensive editorial revision after WG Last Call, and that version was last called again in the WG. Joel Snyder was added as co-author. |
2014-05-07 | 06 | Paul Hoffman | In a second WG LC to verify changes in -06 |
2014-05-07 | 06 | Paul Hoffman | Tags Other - see Comment Log, Doc Shepherd Follow-up Underway set. |
2014-05-07 | 06 | Tero Kivinen | New version available: draft-kivinen-ipsecme-signature-auth-06.txt |
2014-04-01 | 05 | Paul Hoffman | Shepherd Writeup for draft-kivinen-ipsecme-signature-auth-06 1. Summary Paul Hoffman (IPsecME WG co-chair) is the document shepherd and Kathleen Moriarty is the responsible AD. This document generalizes the IKEv2 signature support so it can support any signature method supported by the PKIX and also adds signature hash algorithm negotiation. This means that all types of signatures, not just RSA and ECDSA, and any type of elliptic curves can be supported. Given that this is a protocol extension, it is meant to be a Proposed Standard. 2. Review and Consensus The WG discussion of the document was very good, with wide consensus for adoption. There were no objections to adoption. 3. Intellectual Property The author has stated that their direct, personal knowledge of any IPR related to this document has already been disclosed, in conformance with BCPs 78 and 79. 4. Other Points There are no normative downrefs. The IANA Considerations are short and to the point. The new registry is by expert review, and the document author is extremely likely to become the expert reviewer. |
2014-04-01 | 05 | Paul Hoffman | State Change Notice email list changed to ipsecme-chairs@tools.ietf.org, draft-kivinen-ipsecme-signature-auth@tools.ietf.org |
2014-04-01 | 05 | Paul Hoffman | Responsible AD changed to Kathleen Moriarty |
2014-04-01 | 05 | Paul Hoffman | IETF WG state changed to Submitted to IESG for Publication from WG Consensus: Waiting for Write-Up |
2014-04-01 | 05 | Paul Hoffman | IESG state changed to Publication Requested |
2014-04-01 | 05 | Paul Hoffman | IESG process started in state Publication Requested |
2014-04-01 | 05 | Paul Hoffman | Changed document writeup |
2014-03-31 | 05 | Paul Hoffman | Changed consensus to Yes from Unknown |
2014-03-31 | 05 | Paul Hoffman | Document shepherd changed to Paul E. Hoffman |
2014-03-31 | 05 | Paul Hoffman | IETF WG state changed to WG Consensus: Waiting for Write-Up from In WG Last Call |
2014-03-28 | 05 | Tero Kivinen | New version available: draft-kivinen-ipsecme-signature-auth-05.txt |
2013-12-09 | 04 | Tero Kivinen | New version available: draft-kivinen-ipsecme-signature-auth-04.txt |
2013-11-13 | 03 | Tero Kivinen | New version available: draft-kivinen-ipsecme-signature-auth-03.txt |
2013-10-23 | 02 | Yaron Sheffer | IETF WG state changed to In WG Last Call from WG Document |
2013-10-23 | 02 | Yaron Sheffer | IETF WG state changed to WG Document from Call For Adoption By WG Issued |
2013-10-23 | 02 | Yaron Sheffer | Intended Status changed to Proposed Standard from None |
2013-10-23 | 02 | Yaron Sheffer | IETF WG state changed to Call For Adoption By WG Issued from None |
2013-10-23 | 02 | Yaron Sheffer | Changed group to IP Security Maintenance and Extensions (IPSECME) |
2013-10-23 | 02 | Yaron Sheffer | Changed to IETF |
2013-10-18 | 02 | Tero Kivinen | New version available: draft-kivinen-ipsecme-signature-auth-02.txt |
2013-04-16 | 01 | Tero Kivinen | New version available: draft-kivinen-ipsecme-signature-auth-01.txt |
2012-12-04 | 00 | Tero Kivinen | New version available: draft-kivinen-ipsecme-signature-auth-00.txt |