Paul Wouters <p...@nohats.ca> wrote:
>> IKEv1 is done, it's over, it's dead. It's been like that for more than
>> a decade.

> I think there is a big difference between "done developing it" and
> "done running it". A decade ago almost everything was IKEv1. Today,
> with the exception of Android and ten-year-old gear, everything is
> IKEv2. And Android is scheduled to fix that this summer. So the move to
> Historic does seem valid now, and was not 10 years ago.

+1

>> We already made a statement that we won't touch IKEv1 anymore and we
>> made that statement fifteen years ago. And we're still doing "die die
>> die" stuff that's now been refashioned into a "graveyard" effort in
>> order to address the sensitive sensibilities of the new IETF, but it's
>> still the same thing. It's trying to add an underscore and an exclamation
>> point to a statement that was already made. Because we're really
>> serious this time-- it's in the graveyard!

> I agree, it is kind of a symbolic gesture. But I think it will help
> (and not harm), so I think we should just publish it for those who can
> use it as a lever to migrate more older setups to new. To be honest,
> the biggest gain will be that people stop using DH1024, DH1536 and SHA1
> that are de facto the only DH groups used with IKEv1.

It will gain more than symbolism if it becomes an audit checkpoint, and will
actually push people to upgrade.

--
Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec