[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Updated IPSEC Charter
I'm sorry I couldn't make it to IETF in Columbus. Attending the IPSEC meeting
would have been one of my highest priorities. It is my impression that a
variety of proposals and implementation experiences were going to be presented
and I hope that minutes can be distributed relatively soon.
The main write up below looks good. I think the schedule needs to be moved
into the future. See questions with schedule.
In general, it seems to me that there has been very little traffic on the
working group mailing list. I don't know if this is because little is
happening or because it is mostly being done person-to-person or in small
subgroups within the WG. I would urge people to post more material, including
"incomplete" or "pre-draft" material to the working group list to get earlier
feedback.
Donald
--------------
From: US1RMC::"Paul_Lambert@poncho.phx.sectel.mot.com" "Paul Lambert" 28-
MAR-1993 22:20
To: ipsec@ans.net (ip security mailing list)
Subj: Updated IPSEC Charter
Subject: Updated IPSEC Charter
Message:
The following is a draft of an updated charter for the IPSEC
Working Group. Three additional issue areas were added to the
chater - the realationship of IPSEC to the IP suite of protocols,
Rpeek throughS, and labeling. Note also some small changes in the
schedule.
Paul
----------------------------------------------------------------
Draft of Updated IPSEC Charter
----------------------------------------------------------------
Internet Protocol Security Protocol (ipsec)
Charter
Chair(s):
Al Hoover <hoover@ans.net>
Paul Lambert <paul_lambert@email.mot.com>
Security Area Director(s)
Steve Crocker <crocker@tis.com>
Mailing lists:
General Discussion:ipsec@ans.net
To Subscribe: ipsec-request@ans.net
Archive: ftp.ans.net:~/pub/archive/ipsec
Description of Working Group:
Rapid advances in communication technology have accentuated the need for
security in the Internet. The IP Security Protocol Working Group
(IPSEC) will develop mechanisms to protect client protocols of IP. The
IPSEC Working Group will develop a security protocol in the network
layer to provide cryptographic security services that will flexibly
support combinations of authentication, integrity, access control, and
confidentiality. The protocol formats for the IP Security Protocol
(IPSP) will be independent of the cryptographic algorithm. The
preliminary goals will specifically pursue host-to-host security
followed by subnet-to-subnet and host-to-subnet topologies.
The working group will examine the relationship of network security the
suite of IP protocols. This investigation will include the examination
of IP as a client of IPSP running over IP. Recommendations documented
in the IPSP specification will provide guidelines to protect the IP
suite of protocols.
The cryptographic encapsulation may hide information that is useful to
network. This information may include security labels, addresses, and
protocol identifiers. The working group will examine the mapping of
encapsulated protocol information onto unprotected fields and guidelines
for any required Rpeek-throughS of information.
Protocol and cryptographic techniques will also be developed to support
the key management requirements of the IPSP. The key management will be
specified as an application layer protocol that is independent of the
lower layer security protocol. The protocol will initially support
public key based techniques. Flexibility in the protocol will allow
eventual support of Key Distribution Center (KDC -- such as Kerberos)
and manual distribution approaches.
Goals and Milestones:
Mar 93 Review distributed documents and status of related activities.
Establish liaisons to IPSO/CIPSO and IPv7 working groups.
>What is the status of this?
Mar 93 Review pilot experiments with cryptographic network security.
>What is the status of this?
Mar 93 Post as an Internet-Draft a preliminary version of the IP
Security Protocol that supports host-to-host security.
>Do people believe there is a consensus on the above yet? I sure haven't seen
>any detailed discussion.
Mar 93 Review pilot experiments with cryptographic network security.
Discuss, debate, and refine the framework for IPSP based on
pilot experiments. Assign writing tasks, and identify issues
to be resolved. Action items will include will include labels
(IPSO/CIPSO), Rpeek-through,S support of IP suite, and IP over
IPSP over IP.
>What is the status of all this?
Mar 93 Establish baseline goals and starting points for Internet Key
Management.
>What is the status of this?
Jul 93 Update the IPSP Internet-Draft to include subnet-to-subnet and
host-to-subnet topologies. Include preliminary text on
labels, Rpeek-through,S and protection of IP suite.
Jul 93 Review related key management activities, preliminary
proposals, and pilot experiments for Internet Key Management.
Nov 93 Discuss, debate, and establish approaches for third-party
interactions for key management (e.g., Kerberos like Key
Distribution Center).
Nov 93 Post as an Internet-Draft a preliminary specification for
Internet Key Management. The specification will support a
public key based key establishment mechanism.
Nov 93 Discuss, debate, and establish approaches for third-party
interactions for key management (e.g., Kerberos like Key
Distribution Center).
Nov 93 Report on Pilot Implementation of the IP Security Protocol.
Update Protocol as needed.
Mar 94 Report on Pilot implementation of the Internet Key Management
Protocol. Update Internet-Draft to include third-party
interactions for KDC support.
Jul 94 Submit the IP Security Protocol to the IESG for consideration
as a Proposed Standard.
Jul 94 Report on Pilot implementation of the Internet Key Management
with KDC support.
Nov 94 Submit the Internet Key Management Protocol to the IESG for
consideration as a Proposed Standard.