Oh, by "update to IKEv2", I was just referring to RFCing this draft as a supported extension to IKEv2, nothing else.
________________________________ From: Christopher Patton <[email protected]> Sent: Tuesday, July 29, 2025 5:22 PM To: Scott Fluhrer (sfluhrer) <[email protected]> Cc: ipsec <[email protected]> Subject: Re: [IPsec] draft-smyslov-ipsecme-ikev2-downgrade-prevention Can you clarify what you mean by "update" to IKEv2? During IETF 123 there were suggestions in the chat that this feature could be considered as part of a major revision of IKE. I would prefer we land this in IKE v2 so that we can implement it as soon as possible. The alternative is to disable classical-only key exchange on a per-peer basis, based on out-of-band information about the peer. Thinking about my organization's deployment of IPsec, we're expecting the downgrade prevention extension to be a much smoother upgrade path. Best, Chris P. [1] https://mailarchive.ietf.org/arch/msg/ipsec/vSjVbzw0vAbHIxHvzNLvl3Z-NqU/ [2] https://github.com/smyslov/ikev2-downgrade-prevention/pull/1
_______________________________________________ IPsec mailing list -- [email protected] To unsubscribe send an email to [email protected]
