Hi, I reviewed draft-ietf-ipsecme-ikev2-downgrade-prevention-05, in particular the changes around the authentication-failure path for detecting modified IKE_SA_INIT messages.
The -05 text now makes clear that the mechanism does not introduce a separate downgrade-detection procedure. Instead, the additional initial-exchange data is included in the IKEv2 authentication calculation, and an implementation is not expected to distinguish that failure from other authentication failures. That addresses the point I raised during the WG/AD-review discussion. I support publication as Proposed Standard. Best, Songbo Bu On Fri, 29 May 2026 08:35:37 -0700, The IESG [email protected] wrote: The IESG has received a request from the IP Security Maintenance and Extensions WG (ipsecme) to consider the following document: - ‘Downgrade Prevention for the Internet Key Exchange Protocol Version 2 (IKEv2)’ as Proposed Standard The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the [email protected] mailing lists by 2026-06-12. Exceptionally, comments may be sent to [email protected] instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract This document describes an extension to the Internet Key Exchange protocol version 2 (IKEv2) that prevents particular downgrade attacks on this protocol by having the peers confirm they have participated in the same conversation. This document updates RFC 7296. The file can be obtained via https://datatracker.ietf.org/doc/draft-ietf-ipsecme-ikev2-downgrade-prevention/ No IPR declarations have been submitted directly on this I-D. IPsec mailing list – [email protected] To unsubscribe send an email to [email protected]
_______________________________________________ IPsec mailing list -- [email protected] To unsubscribe send an email to [email protected]
