[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Items for new charter
How about external Policy Server Support? This could be used to "download"
policies as well as for Extended Authentication.
PatC
> Yes, i know that the current IDs are just dragging along. getting the
> 'last' nits in so they can get published. Ted is doing a good job of
> bird-dogging that effort, and it is past time to write the new charter.
>
> To this end, I have put together a list of items that looks reasonable to
> tackle.
>
> I want people to review them, and comment/subtract/add. then I will rough
> out a new charter for the group.
>
> 1) fix broken but usable
>
> Tero's issue with IKE.
> Rekeying (well not so much as broke, but do we have the heuristic
> right?)
>
> 2) desperately needed functionality
>
> Host bootstrap (config)
> Extended Authentication
> Policy/tunnel endpoint discovery
> Attribute Certs? KX records? ICMP messages?
> Something else?
> ICMP messages (TTL exceeded, port/host unreachable, admin
> denied, ipsec-specific).
>
> 3) wise things to do
>
> PMTU (Path MTU) for tunnels
> Standardized error codes
> MIBs
> HMAC-RIPEM (EU wants THEIR standards included, reasonably enough)
>
> 4) nice touches.
>
> MAC-DES
> Other encryption algorithms
> Other key exchange protocols
> Simple and advanced crypto API
> Dynamic discovery of complex ipsec topologies.
>
>
>
> Robert Moskowitz
> ICSA
> Security Interest EMail: rgm-sec@htt-consult.com
Follow-Ups:
References: