
RE: IKEv2 and IANA registry



There are a number of minor inconsistencies between ikev2-13 and
ikev2-iana-01, of which the one you point out is the only really
important one. I've been meaning to post a list so we can decide which
document to change in each case.

There was an error in ikev2-10(?) and prior where the security protocol
ID was listed with two different sets of values in two places. The IANA
document reflected this by having two different protocol ID registries
with slightly different names with the different values. ('IKEv2
Security Protocol Identifiers' has the correct values; 'IKEv2 Proposal
Substructure Protocol-IDs' has the incorrect values.) The fix is for
the iana document to remove the second registry.

The other inconsistencies are:

1) The ikev2-13 document lists all registries as being updated by expert
review; the ikev2-iana-01 document lists them as updated by different
means. Ikev2-13 reflects working group consensus reached after the iana
document was published.

2) For pseudo-random transform type 2, the ikev2-13 document defines

	AUTH_AES_XCBC_96     5

I don't know the story here; perhaps this algorithm was added late, or
perhaps it should be removed as an inappropriate PRF.

3) For Extended Sequence Numbers Transform Type 5, (0=NO; 1=YES), the
iana document lists values 2-65535 as reserved to IANA (thus creating a
registry). In the ikev2-13, they are RESERVED (avoiding the need for a
registry). I believe no registry is needed; I doubt any expert would
approve creation of a new value for a Boolean.

4) For Identification Payload ID types, the iana document says the
values 12-255 are reserved to iana. Ikev2-13 says 12-200 are reserved to
iana and 201-255 are for private use.

5) ikev2-13 has notification types apparently defined since the iana
document:

INVALID_SELECTORS    39
ESP_TFC_PADDING_NOT_SUPPORTED  16394

6) For traffic selector types, the iana document says types 9-255 are
reserved to iana; ikev2-13 says 9-240 are reserved to iana and 241-255
are for private use.

	--Charlie



-----Original Message-----
From: Kevin Li [mailto:kli@cisco.com] 
Sent: Monday, April 05, 2004 5:28 PM
To: Charlie Kaufman; ipsec@lists.tislabs.com
Cc: kli@cisco.com
Subject: IKEv2 and IANA registry

Hi,

I have two questions.

1. For protocol id in proposal payload, there is an inconsistency between
    draft-ietf-ipsec-ikev2-13.txt and draft-ietf-ipsec-ikev2-iana-01.txt

    The ikev2-13.txt defines:

           Protocol               Protocol ID
           RESERVED                0
           IKE                     1
           AH                      2
           ESP                     3
           RESERVED TO IANA        4-200
           PRIVATE USE             201-255

    The ikev2-iana-01.txt defines
             Attribute Type                 value
             -------------------------------------
             IKE                             0
             AH                              1
             ESP                             2
             RESERVED TO IANA                3-255

    Which one should be used? In general, if there is a conflict between
    protocol specification and iana, which one should be used?


2. What's the current status of standardizing/finalizing IKEv2 protocol
specification? I am afraid our implementation based on IKEv2-13 will not
inter-operate with future standard version which other vendor implementations
will base on. Shall we wait until the standard comes out?


Please include me in the reply list as I haven't subscribed (in process)
to the ipsec@lists.tislabs.com yet.

Thank you very much.


Kevin
Cisco Systems
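The practical consequence of the Protocol ID mix-up in Kevin's first question, and of the ESN "registry" in Charlie's item 3, is easiest to see in a parser. The following is an added example, not code from either poster or from any IETF document: a Proposal Substructure parser that enforces the ikev2-13 registry values quoted in this thread (Protocol ID 1=IKE, 2=AH, 3=ESP, 4-200 reserved to IANA, 201-255 private use; ESN transform values 0 and 1 only). The wire layout of the Proposal and Transform Substructures, the transform type numbers (1=ENCR, 2=PRF, 3=INTEG, 4=D-H, 5=ESN) and the transform IDs used in the sample (ENCR_3DES=3, AUTH_HMAC_SHA1_96=2) are taken from ikev2-13 / RFC 4306 and are not shown on this page, so treat them as assumptions of the example. The sample proposals are constructed inline, not captured traffic. Note what happens to a peer that encoded "ESP" using the iana-01 draft's value 2: an ikev2-13 implementation silently reads it as AH.

```python
"""Validate IKEv2 Proposal Substructure fields against the ikev2-13 registries.

Added example (not from the thread or any IETF draft). Layout assumed per
draft-ietf-ipsec-ikev2-13 / RFC 4306 sections 3.3.1-3.3.2.
"""
import struct

# Protocol ID registry as ikev2-13 lists it. The iana-01 draft's 0/1/2
# numbering is the erroneous second registry and is deliberately NOT accepted.
PROTOCOL_IDS = {1: "IKE", 2: "AH", 3: "ESP"}   # 0 RESERVED, 4-200 IANA, 201-255 private
TRANSFORM_TYPES = {1: "ENCR", 2: "PRF", 3: "INTEG", 4: "D-H", 5: "ESN"}  # assumed from draft-13
ESN_VALUES = {0: "NO", 1: "YES"}              # Transform Type 5: 2-65535 RESERVED, no registry


class RegistryError(ValueError):
    """A field value that the ikev2-13 registries do not allow on the wire."""


def classify_protocol_id(proto_id):
    """Map a Proposal Substructure Protocol ID to its ikev2-13 meaning."""
    if proto_id in PROTOCOL_IDS:
        return PROTOCOL_IDS[proto_id]
    if proto_id == 0:
        raise RegistryError("Protocol ID 0 is RESERVED")
    if 4 <= proto_id <= 200:
        raise RegistryError(f"Protocol ID {proto_id} is RESERVED TO IANA (unassigned)")
    return "PRIVATE_USE"  # 201-255: usable only by prior bilateral agreement


def parse_transform(buf, off):
    """Parse one Transform Substructure at buf[off:]; return (dict, next offset)."""
    more, _res, length, ttype, _res2, tid = struct.unpack_from("!BBHBBH", buf, off)
    if more not in (0, 3) or length < 8 or off + length > len(buf):
        raise RegistryError("malformed transform header")
    if ttype not in TRANSFORM_TYPES:
        raise RegistryError(f"unknown transform type {ttype}")
    if ttype == 5 and tid not in ESN_VALUES:
        # Charlie's item 3: ESN is a Boolean; 2-65535 are RESERVED, not a registry.
        raise RegistryError(f"ESN transform ID {tid} is RESERVED")
    transform = {"type": TRANSFORM_TYPES[ttype], "id": tid,
                 "attrs": bytes(buf[off + 8:off + length])}  # attributes left opaque here
    return transform, off + length


def parse_proposal(buf):
    """Parse one Proposal Substructure and validate its registry-governed fields."""
    if len(buf) < 8:
        raise RegistryError("short proposal")
    more, _res, length, num, proto, spi_size, ntrans = struct.unpack_from("!BBHBBBB", buf, 0)
    if more not in (0, 2) or length > len(buf):
        raise RegistryError("malformed proposal header")
    protocol = classify_protocol_id(proto)
    off = 8
    spi = bytes(buf[off:off + spi_size])
    off += spi_size
    # AH/ESP carry a 4-byte SPI; IKE carries none in IKE_SA_INIT and 8 bytes on rekey.
    if protocol in ("AH", "ESP") and spi_size != 4:
        raise RegistryError(f"{protocol} proposal must carry a 4-byte SPI")
    if protocol == "IKE" and spi_size not in (0, 8):
        raise RegistryError("IKE proposal SPI Size must be 0 or 8")
    transforms = []
    for _ in range(ntrans):
        transform, off = parse_transform(buf, off)
        transforms.append(transform)
    if off != length:
        raise RegistryError("Proposal Length does not match its contents")
    return {"number": num, "protocol": protocol, "spi": spi, "transforms": transforms}


def build_proposal(num, proto, spi, transforms, more=0):
    """Encode a Proposal Substructure (constructed test input, not captured traffic)."""
    body = b""
    for k, (ttype, tid) in enumerate(transforms):
        flag = 3 if k < len(transforms) - 1 else 0   # 3 = more transforms follow, 0 = last
        body += struct.pack("!BBHBBH", flag, 0, 8, ttype, 0, tid)
    length = 8 + len(spi) + len(body)
    header = struct.pack("!BBHBBBB", more, 0, length, num, proto, len(spi), len(transforms))
    return header + spi + body


def rejects(buf):
    """True if parse_proposal refuses buf on registry grounds."""
    try:
        parse_proposal(buf)
    except RegistryError:
        return True
    return False


# Constructed samples: ESP with 3DES, HMAC-SHA1-96 and ESN=NO (transform IDs assumed).
SPI = b"\x00\x00\x12\x34"
ESP_PROPOSAL = build_proposal(1, 3, SPI, [(1, 3), (3, 2), (5, 0)])
# A peer that followed iana-01's "ESP = 2" produces a proposal draft-13 reads as AH.
MISENCODED_PROPOSAL = build_proposal(1, 2, SPI, [(1, 3), (3, 2), (5, 0)])
# Value 2 for the ESN Boolean (Charlie's item 3) must be rejected, not looked up.
BAD_ESN_PROPOSAL = build_proposal(2, 3, SPI, [(1, 3), (5, 2)])
UNASSIGNED_PROTO_PROPOSAL = build_proposal(3, 100, b"", [])

if __name__ == "__main__":
    print(parse_proposal(ESP_PROPOSAL)["protocol"])         # ESP
    print(parse_proposal(MISENCODED_PROPOSAL)["protocol"])  # AH: silent misinterpretation
    print(rejects(BAD_ESN_PROPOSAL), rejects(UNASSIGNED_PROTO_PROPOSAL))  # True True
```

The point of the MISENCODED_PROPOSAL case is that nothing on the wire flags the disagreement between the two drafts: both values are legal, so the mismatch only shows up later as a failed SA negotiation or an SA of the wrong protocol. An implementation that accepts ESN values other than 0 and 1, or Protocol IDs in the 4-200 range, would hide exactly the kind of inconsistency Charlie's list is meant to surface.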