[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

IPSEC standardization status

To: ipsec@tis.com
Subject: IPSEC standardization status
From: "Theodore Y. Ts'o" <tytso@MIT.EDU>
Date: Tue, 28 Apr 1998 14:17:50 -0400
Address: 1 Amherst St., Cambridge, MA 02139
Phone: (617) 253-8091
Sender: owner-ipsec@ex.tis.com

Hi all,

	My apologies for not sending this note out sooner.
Unfortunately, there've been a number of non-IPSEC-related fires that
have been burning on my desk the last few days.

	In any case, the IESG met last Thursday and discussed the IPSEC
I-D's which we had put before them for last call.  The bad news is that
there were two "Discuss" votes.  The good news is that they are what are
called "triggered" discuss votes, so that as soon the issues which the
IESG members brought up are resolved, the documents can automatically
advance without needing another IESG action.

	The two discuss votes caused by inconsistencies between the
IPSEC documents and other working groups' documents noted by IESG
members.  One was the inconsistency between the IP Compresion document
and the DOI, for which we've since worked out a compromise which I
believe is acceptable to all.  The other issue is an inconsistency in
section 3.3.3.1 of the authentication-header document, where the
introductory comments for how mutable extension headers for IPV6 should
be handled is somewhat at odds with the current IPV6 documents and the
later in the auth-header spec which actually lays out the ICV
calculation algorithm for IPV6.  I've forwarded this on to Steve Kent
and Karen Seo, and they are looking at that now.

	The IESG action also included some other clarifications and
editorial changes to the architecture, auth-header, and ESP documents.
These changes were made in response to comments made during last call
--- for example, they address Marc Hasson's comments dated April 20th.
In most cases these were either typographical errors (or in the case of
Marc's inconsistencies) reflect places where the working group had
agreed to a certain change, which was applied to the document, but other
places in the documents which also needed to be changed to reflect the
change weren't necessarily made, thus leaving the document confusing or
self-inconsistent.  Unfortunately these changes were made after the IESG
ballot was mailed out to IESG members, so we weren't able to published
the changed draft as I-D's.  I have a copy of the changed documents at:

	http://web.mit.edu/tytso/www/ipsec/newvers

These will go out as I-D's once the IPv6 inconsistency in the
auth-header problem has been dealt with, and we can then push these out
to the RFC editor.  (IESG members will be watching to make sure we don't
make any changes other than those which they have requested.  :-)

	One set of on-going discussions which happened a tad bit too
late to be reflected in this round of the standardization process is the
ISAKMP changes.  We will have an opportunity to look at some of these
issues again (in particularly reserving some exchange values for use by
consenting parties) at the next round of the standardization process.

	So, that's where we are.  If anyone has any questions, please
feel free to refer them to Bob or myself.

						- Ted

Follow-Ups:

Re: IPSEC standardization status

From: "Scott G. Kelly" <skelly@redcreek.com>

Prev by Date: isakmp multiple SA payloads
Next by Date: When we have to check ?
Prev by thread: isakmp multiple SA payloads
Next by thread: Re: IPSEC standardization status
Index(es):
- Main
- Thread