On Tue, 13 Dec 2022, Warren Kumari via Datatracker wrote:


[speaking with author hat on]

> ----------------------------------------------------------------------
> DISCUSS:
> ----------------------------------------------------------------------
>
> Be ye not afraid -- see
> https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ on
> handling ballots, especially DISCUSS ballots...
>
> Can the IETF actually deprecate / make a protocol historic? (as stated in
> "Internet Key Exchange version 1 (IKEv1) has been deprecated" and "IKEv1 has
> been moved to Historic status.")
>
> I agree that **making the documents that describe these** be historic is the
> right thing to do, and also that the IETF can strongly recommend that people
> don't use/deploy/whatever IKEv1, but I don't really know if we (or anyone) have
> the power to deprecate a protocol. We are not the protocol police, and we
> cannot instruct people to e.g. deploy protocol foo, so I don't know if we can
> deprecate a protocol either -- but I suspect that this might be because I don't
> actually know what "IKEv1 has been deprecated" actually *means*.
>
> Again, I'm not trying to block what this document is attempting to *do*, but
> rather make it clear what it is actually doing.

What it means is that the IETF has stopped maintaining it. It will not
allow any new registrations into the related IANA registries and no new
work will be started on this protocol version.

It does not make any recommendations to users or administrators on
whether they should stop running it and migrate, although it is a pretty
strong hint that this protocol is dying and it would be wise to move
away from it.

It also means that other documents that want to depend on IKE, have to
ensure it works (and references) IKEv2, not IKEv1.

The IETF does not tell you which protocols to use or not use. However,
other organizations that do, often base their requirements on IETF
recommendations. This is where the IETF and others (e.g. NIST, PCI-DSS)
play a careful balancing act. The IETF tries to nudge people in the
right direction. But it is indeed not the protocol police.

Note that the document itself does not deprecate anything. It cannot.
Only the IESG can change a document status to historic. See your other
work item on the telechat where this is requested. Only after that
request passes the IESG, can this document move further and say that
"it has happened".

Paul

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
