Hi!

From: IPsec <ipsec-boun...@ietf.org> On Behalf Of Warren Kumari
Sent: Thursday, December 15, 2022 9:32 AM
To: Paul Wouters <p...@nohats.ca>
Cc: The IESG <i...@ietf.org>; draft-ietf-ipsecme-ikev1-algo-to-histo...@ietf.org; ipsecme-cha...@ietf.org; ipsec@ietf.org; kivi...@iki.fi
Subject: Re: [IPsec] Warren Kumari's Discuss on draft-ietf-ipsecme-ikev1-algo-to-historic-08: (with DISCUSS)

On Tue, Dec 13, 2022 at 12:51 PM, Warren Kumari <war...@kumari.net> wrote:

On Tue, Dec 13, 2022 at 10:36 AM, Paul Wouters <p...@nohats.ca> wrote:

On Tue, 13 Dec 2022, Warren Kumari via Datatracker wrote:

[speaking with author hat on]

----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

Be ye not afraid -- see https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ on handling ballots, especially DISCUSS ballots...

Can the IETF actually deprecate / make a protocol historic? (as stated in "Internet Key Exchange version 1 (IKEv1) has been deprecated" and "IKEv1 has been moved to Historic status.")

I agree that **making the documents that describe these** be historic is the right thing to do, and also that the IETF can strongly recommend that people don't use/deploy/whatever IKEv1, but I don't really know if we (or anyone) have the power to deprecate a protocol.

We are not the protocol police, and we cannot instruct people to e.g. deploy protocol foo, so I don't know if we can deprecate a protocol either -- but I suspect that this might be because I don't actually know what "IKEv1 has been deprecated" actually *means*.

Again, I'm not trying to block what this document is attempting to *do*, but rather make it clear what it is actually doing.

What it means is that the IETF has stopped maintaining it. It will not allow any new registrations into the related IANA registries and no new work will be started on this protocol version.

Perhaps you could add something to the document saying that (or, even better, drop in a reference to an RFC that says that)? From Rob's ballot: "I do wonder exactly how well understood "deprecated" is in the wider community." - it's not just "in the wider community", because it wasn't clear to me *exactly* what it meant.

Just following up before the telechat - if we agree to add a clarification I can clear.

[Roman] Clarifying words can certainly be added here. The general practice of “deprecating” a protocol to signal IETF’s position on no longer using the protocol has precedent as recently as last year:

Deprecating TLS 1.0 and TLS 1.1
https://datatracker.ietf.org/doc/rfc8996/

Deprecating MD5 and SHA-1 Signature Hashes in TLS 1.2 and DTLS 1.2
https://datatracker.ietf.org/doc/rfc9155/

Regards,
Roman