Re: Items for new charter

["pcalhoun@eng.sun.com" <Patrice.Calhoun@Eng.Sun.Com>]

How about external Policy Server Support? This could be used to "download"
policies as well as for Extended Authentication.

PatC


> Yes, i know that the current IDs are just dragging along.  getting the
> 'last' nits in so they can get published. Ted is doing a good job of
> bird-dogging that effort, and it is past time to write the new charter.
> 
> To this end, I have put together a list of items that looks reasonable to
> tackle.
> 
> I want people to review them, and comment/subtract/add.  then I will rough
> out a new charter for the group.
> 
> 	 1) fix broken but usable
> 	 
> 	 Tero's issue with IKE.
> 	 Rekeying (well not so much as broke, but do we have the heuristic 
> 		right?)
> 	 
> 	 2) desperately needed functionality
> 	 
> 	 Host bootstrap (config)
> 	 Extended Authentication
> 	 Policy/tunnel endpoint discovery
> 	 Attribute Certs? KX records?  ICMP messages?
> 		Something else?
> 	 ICMP messages (TTL exceeded, port/host unreachable, admin
> 	 denied, ipsec-specific).
>  
> 	 3) wise things to do
> 	 
> 	 PMTU (Path MTU) for tunnels
> 	 Standardized error codes
> 	 MIBs
> 	 HMAC-RIPEM (EU wants THEIR standards included, reasonably enough)
> 	 
> 	 4) nice touches.
> 	 
> 	 MAC-DES
> 	 Other encryption algorithms
> 	 Other key exchange protocols
> 	 Simple and advanced crypto API
> 	 Dynamic discovery of complex ipsec topologies.
> 
> 
> 
> Robert Moskowitz
> ICSA
> Security Interest EMail: rgm-sec@htt-consult.com

---

Follow-Ups:

• Re: Items for new charter
• From: Robert Moskowitz <rgm-sec@htt-consult.com>

References:

• Items for new charter
• From: Robert Moskowitz <rgm-sec@htt-consult.com>

---

• Prev by Date: cookies
• Next by Date: Re: keying material
• Prev by thread: Items for new charter
• Next by thread: Re: Items for new charter
• Index(es):
  • Main
  • Thread