Re: [IPsec] [ipsecme] #114: Expired drafts, especially BEET

From: Tero Kivinen <kivinen_at_nospam>
Date: Wed Oct 28 2009 - 12:11:17 GMT
To: "Frankel, Sheila E." <sheila.frankel@nist.gov>

Frankel, Sheila E. writes:
> 2) Add text to the introductory section for IKEv1, Section 4.1.1:
> Additional text:
>
> Two Internet Drafts were written to address these problems: Extended
> Authentication within IKE (XAUTH) (draft-beaulieu-ike-xauth) and The
> ISAKMP Configuration Method (draft-dukes-ike-mode-cfg). These
> drafts did not progress to RFC status due to security flaws and
> other problems related to these solutions. However, many current
> IKEv1 implementations incorporate aspects of these solutions to
> facilitate remote user access to corporate VPNs. Since these
> solutions were not standardized, there is no assurance that the
> implementations adhere fully to the suggested solutions, or that one
> implementation can interoperate with others that claim to
> incorporate the same features. Furthermore, these solutions have
> known security issues. Thus, use of these solutions is not
> recommended, and these Internet Drafts are not specified in this
> roadmap.

I wonder if we should also say that different implementations took different versions of the drafts (and their predecessors draft-ietf-ipsra-isakmp-xauth and draft-ietf-ipsec-isakmp-mode-cfg) and those different versions are NOT necessarily interoperable with each other.

Actually, listing those predecessor drafts as well might be a good idea, as implementations done before year 2000 mostly refer to them, and we are talking about old expired drafts to an obsoleted protocol, so most likely people using them are not from this century :-)