On Tue, September 25, 2012 4:02 am, Tero Kivinen wrote:
> Dan Harkins writes:
>> I voiced support but there was some opposition along the lines of:
>>
>>   * we cannot update the IANA registry of an obsoleted protocol.
>>   * it is not appropriate for a protocol other than RFC 2409 to use
>>      the IANA registry created by RFC 2409.
>>
>> Both of these are wrong. RFC 5114 updated this very same registry
>> after RFC 2409 was obsoleted and there was no hullabaloo over
>> that action.
>
> When draft-lepinski-dh-groups was discussed in the ipsec-list we were
> most concerned about the format of the KE payloads and so on, and I do
> not think anybody actually even reacted to the fact that it updates
> IKEv1 registry too. At that point it was also 2 years since the IKEv1
> was obsoleted, now it is 7 years, so I do think there is a difference.

  There is no time limit that I'm aware of that suddenly makes an
acceptable process suddenly become unacceptable.

>> And RFC 5931 (EAP-pwd) uses that registry and it
>> got approved for publication long after RFC 2409 was obsoleted,
>> again without any hullabaloo.
>
> Never knew that RFC 5931 is using that same registry. This was not
> pointed out in the IPsec list, thus I think most people just didn't
> realize the issue.

  I brought it up at the SAAG meeting back in Vancouver. You were
there.

>>   There is no valid process reason to not just let Johannes's draft
>> update the IKEv1 registry while it's updating the IKEv2 registry
>> (just like RFC 5114 did) and there is precedence which we could
>> just follow to avoid all this mess.
>
> It is time to stop updating obsoleted IKEv1 protocol. Even when there
> has been a case where it was approved 5 years ago, that does not mean we
> are going to do it forever.

  I will admit that you are repeatedly making that assertion but it's just
some sort of argumentum ad infinitum/absurdum statement. There is
no reasoning behind your assertion. Just "we must stop!" and "we
cannot continue forever!"

  You essentially admit that there is no process reason to not just
update the registry and there's really no prohibition on other protocols
referring to the registry that was created by another protocol. You
may not like it, but that is not a legitimate reason.

  You snipped out the portion of my email where I noted that I did
not foresee any calamity that would befall us all if the IKEv1 registry
is merely updated in the same way it was by RFC 5114-- just add the
code points without any back pointers or front pointers or ridiculous
notes. So let me ask you directly:

    What calamity will befall us all if the IKEv1 registry is just updated
    in exactly the same way that RFC 5114 updated the registry?

>>   In spite of that, it was decided to not update the IKEv1 registry
>> with the Brainpool curves. When IEEE got wind of this, they sent
>> a request, via the IEEE-to-IETF liaison, to please reconsider since
>> they have more than 1 protocol used in 802.11 that reference
>> that registry (i.e. it's not just SAE).
>
> I could not find any other protocol than SAE, can you give me
> references to which other IEEE protocols use that registry directly
> (i.e. not through some RFC).

  There is a novel use of an unauthenticated Diffie-Hellman by
the audio/visual streaming protocol (added by TGaa).

  Dan.


_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
