[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Updated IPSEC Charter
Subject: Updated IPSEC Charter
Message:
The following is a draft of an updated charter for the IPSEC
Working Group. Three additional issue areas were added to the
chater - the realationship of IPSEC to the IP suite of protocols,
Rpeek throughS, and labeling. Note also some small changes in the
schedule.
Paul
----------------------------------------------------------------
Draft of Updated IPSEC Charter
----------------------------------------------------------------
Internet Protocol Security Protocol (ipsec)
Charter
Chair(s):
Al Hoover <hoover@ans.net>
Paul Lambert <paul_lambert@email.mot.com>
Security Area Director(s)
Steve Crocker <crocker@tis.com>
Mailing lists:
General Discussion:ipsec@ans.net
To Subscribe: ipsec-request@ans.net
Archive: ftp.ans.net:~/pub/archive/ipsec
Description of Working Group:
Rapid advances in communication technology have accentuated the need for
security in the Internet. The IP Security Protocol Working Group
(IPSEC) will develop mechanisms to protect client protocols of IP. The
IPSEC Working Group will develop a security protocol in the network
layer to provide cryptographic security services that will flexibly
support combinations of authentication, integrity, access control, and
confidentiality. The protocol formats for the IP Security Protocol
(IPSP) will be independent of the cryptographic algorithm. The
preliminary goals will specifically pursue host-to-host security
followed by subnet-to-subnet and host-to-subnet topologies.
The working group will examine the relationship of network security the
suite of IP protocols. This investigation will include the examination
of IP as a client of IPSP running over IP. Recommendations documented
in the IPSP specification will provide guidelines to protect the IP
suite of protocols.
The cryptographic encapsulation may hide information that is useful to
network. This information may include security labels, addresses, and
protocol identifiers. The working group will examine the mapping of
encapsulated protocol information onto unprotected fields and guidelines
for any required Rpeek-throughS of information.
Protocol and cryptographic techniques will also be developed to support
the key management requirements of the IPSP. The key management will be
specified as an application layer protocol that is independent of the
lower layer security protocol. The protocol will initially support
public key based techniques. Flexibility in the protocol will allow
eventual support of Key Distribution Center (KDC -- such as Kerberos)
and manual distribution approaches.
Goals and Milestones:
Mar 93 Review distributed documents and status of related activities.
Establish liaisons to IPSO/CIPSO and IPv7 working groups.
Mar 93 Review pilot experiments with cryptographic network security.
Mar 93 Post as an Internet-Draft a preliminary version of the IP
Security Protocol that supports host-to-host security.
Mar 93 Review pilot experiments with cryptographic network security.
Discuss, debate, and refine the framework for IPSP based on
pilot experiments. Assign writing tasks, and identify issues
to be resolved. Action items will include will include labels
(IPSO/CIPSO), Rpeek-through,S support of IP suite, and IP over
IPSP over IP.
Mar 93 Establish baseline goals and starting points for Internet Key
Management.
Jul 93 Update the IPSP Internet-Draft to include subnet-to-subnet and
host-to-subnet topologies. Include preliminary text on
labels, Rpeek-through,S and protection of IP suite.
Jul 93 Review related key management activities, preliminary
proposals, and pilot experiments for Internet Key Management.
Nov 93 Discuss, debate, and establish approaches for third-party
interactions for key management (e.g., Kerberos like Key
Distribution Center).
Nov 93 Post as an Internet-Draft a preliminary specification for
Internet Key Management. The specification will support a
public key based key establishment mechanism.
Nov 93 Discuss, debate, and establish approaches for third-party
interactions for key management (e.g., Kerberos like Key
Distribution Center).
Nov 93 Report on Pilot Implementation of the IP Security Protocol.
Update Protocol as needed.
Mar 94 Report on Pilot implementation of the Internet Key Management
Protocol. Update Internet-Draft to include third-party
interactions for KDC support.
Jul 94 Submit the IP Security Protocol to the IESG for consideration
as a Proposed Standard.
Jul 94 Report on Pilot implementation of the Internet Key Management
with KDC support.
Nov 94 Submit the Internet Key Management Protocol to the IESG for
consideration as a Proposed Standard.