Hi, this version contains the following changes (besides fixed typos and grammar): - a discussion about the possibility of cross-protocol attacks is added to Security Considerations - a reservation is made that future specifications may make use of the notification data of the IKE_SA_INIT_FULL_TRANSCRIPT_AUTH notify, so its content MUST be ignored (note that such reservation exists in RFC 9242 and RFC 9867).
Since the draft is past WGLC, please chime in if you disagree with these changes. Regards, Chris & Valery. > -----Original Message----- > From: [email protected] <[email protected]> > Sent: Wednesday, April 29, 2026 10:42 AM > To: [email protected] > Cc: [email protected] > Subject: [IPsec] I-D Action: > draft-ietf-ipsecme-ikev2-downgrade-prevention-04.txt > > Internet-Draft draft-ietf-ipsecme-ikev2-downgrade-prevention-04.txt is now > available. It is a work item of the IP Security Maintenance and Extensions > (IPSECME) WG of the IETF. > > Title: Downgrade Prevention for the Internet Key Exchange Protocol > Version 2 (IKEv2) > Authors: Valery Smyslov > Christopher Patton > Name: draft-ietf-ipsecme-ikev2-downgrade-prevention-04.txt > Pages: 12 > Dates: 2026-04-29 > > Abstract: > > This document describes an extension to the Internet Key Exchange > protocol version 2 (IKEv2) that prevents particular downgrade attacks > on this protocol by having the peers confirm they have participated > in the same conversation. > > This document updates RFC 7296. > > The IETF datatracker status page for this Internet-Draft is: > https://datatracker.ietf.org/doc/draft-ietf-ipsecme-ikev2-downgrade-prevention/ > > There is also an HTMLized version available at: > https://datatracker.ietf.org/doc/html/draft-ietf-ipsecme-ikev2-downgrade-prevention-04 > > A diff from the previous version is available at: > https://author-tools.ietf.org/iddiff?url2=draft-ietf-ipsecme-ikev2-downgrade-prevention-04 > > Internet-Drafts are also available by rsync at: > rsync.ietf.org::internet-drafts > > > _______________________________________________ > IPsec mailing list -- [email protected] > To unsubscribe send an email to [email protected] _______________________________________________ IPsec mailing list -- [email protected] To unsubscribe send an email to [email protected]
