[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Items for new charter
Yes, i know that the current IDs are just dragging along. getting the
'last' nits in so they can get published. Ted is doing a good job of
bird-dogging that effort, and it is past time to write the new charter.
To this end, I have put together a list of items that looks reasonable to
tackle.
I want people to review them, and comment/subtract/add. then I will rough
out a new charter for the group.
1) fix broken but usable
Tero's issue with IKE.
Rekeying (well not so much as broke, but do we have the heuristic
right?)
2) desperately needed functionality
Host bootstrap (config)
Extended Authentication
Policy/tunnel endpoint discovery
Attribute Certs? KX records? ICMP messages?
Something else?
ICMP messages (TTL exceeded, port/host unreachable, admin
denied, ipsec-specific).
3) wise things to do
PMTU (Path MTU) for tunnels
Standardized error codes
MIBs
HMAC-RIPEM (EU wants THEIR standards included, reasonably enough)
4) nice touches.
MAC-DES
Other encryption algorithms
Other key exchange protocols
Simple and advanced crypto API
Dynamic discovery of complex ipsec topologies.
Robert Moskowitz
ICSA
Security Interest EMail: rgm-sec@htt-consult.com
Follow-Ups: