On Wed, July 18, 2012 11:45 am, Tero Kivinen wrote:
[snip]
>> [Question 1] Should we include IKEv1 in the specs as well? It seems
>> that some people in the WG do not like the idea of updating this
>> obsolete protocol. On the other hand, many applications still use
>> IKEv1 and specifying the use of the Brainpool curves only for IKEv2
>> would exclude these.
>
> I would be strongly against including support for a protocol which
> has been obsoleted 7 years ago. If people want to use this kind of
> groups in IKEv1 they can use the new group mode and negotiate groups
> on the fly. There is no need to add them to IKEv1.

  In spite of this designation IKEv1 is still widely used and I would posit
that it is used more than IKEv2.

  IKE already has the way to handle new domain parameter sets that are
publicly defined and that is through the IANA registry. Your suggestion to
use New Group Mode to use brainpool ECC groups would only hamstring
IKEv1 and make it harder to use. It would be a blunt club to force people
into doing something that they haven't decided to do on their own (to your
apparent chagrin).

  The IETF does not have a lot of success at forcing people to do things
they do not want to do on their own and I think this sort of thing is
somewhat inappropriate.

  Why there are two identical repositories to map unsigned shorts to
complete domain parameter sets is beyond me but there are. These
two repositories have been updated in concert in the past and there
is no good reason to have them diverge now.

  Dan.


_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
