
Re: DRAFT: ipsec charter update



Barbara and Theodore,

How is "client protocol of IP" defined?

Usually one thinks of the legitimate, sensible and/or meaningful clients of a security service as being the n+1 layer entities (see X.800).

I feel that it is very likely that herein lies the root cause of the problem and that if so, no amount of ad-hoc improvement within the current paradigm is going to make it go away.

If we want simplicity and effectiveness we should focus our attention narrowly on the simple paradigm of n layer mechanisms that implement services for n+1 layer entities.

The charter as stated seems to only further the basic underlying difficulties.  The now-legacy approach has led to a nearly decade-long effort and the apparent need of a 12-inch-high stack of paper to describe how to encrypt an IP datagram.

Let's try something new.

Regards,
Mitch Nelson


Dr. Mitchell C. Nelson
Director, Software Services
Datatek Applications, Inc.





tytso@mit.edu wrote:
> The IPSEC wg chairs met with Marcus Leech today, and after discussions
and consultation with him, we have developed the following draft update
to the IPSEC working group charter.

Contained in this proposed update is a timeline for the IKE V2 work
which was discussed at the IPSEC meeting earlier this week in London.  We
welcome comments and suggestions on improving the revised working group
charter.  We would like to submit this charter to the IESG for
consideration by the end of August, so we would appreciate receiving
comments within the next two weeks.

					Barbara Fraser
					Theodore Ts'o
					IPSEC wg chairs


IP Security Protocol (ipsec) 

Last Modified: 09-Aug-01

Chair(s):
	Barbara Fraser 
	Theodore Ts'o 

Security Area Director(s): 
	Jeffrey Schiller 
	Marcus Leech 

Security Area Advisor: 
	Jeffrey Schiller 

Mailing Lists: 
	General Discussion: ipsec@lists.tislabs.com 
	to Subscribe: ipsec-request@lists.tislabs.com 
	Archive: ftp://ftp.tis.com/pub/lists/ipsec OR
	ftp.ans.net/pub/archive/ipsec 

Description of Working Group:
=============================

Rapid advances in communication technology have accentuated the need for
security in the Internet.  The IP Security Protocol Working Group
(IPSEC) will develop mechanisms to protect client protocols of IP.  A
security protocol in the network layer will be developed to provide
cryptographic security services that will flexibly support combinations
of authentication, integrity, access control, and confidentiality.

The IPSEC working group will restrict itself to the following short-term
work items to improve the existing key management protocol (IKE):

1)  Changes to IKE to support NAT/Firewall traversal 

2)  Changes to IKE to support SCTP

3)  New cipher documents to support AES-CBC, AES-MAC, SHA-2, and 
	a fast AES mode suitable for use in hardware encryptors

4)  IKE MIB documents

5)  Sequence number extensions to ESP to support an expanded sequence
    number space.

6)  Clarification and standardization of rekeying procedures in IKE.

The working group will also update IKE to reflect implementation
experience, new requirements, and protocol analysis of the existing
protocol.  The requirements for IKE V2 will be revised and updated as
the first step in this process.

Goals and Milestones:
=====================

Aug 01	Internet Drafts on NAT and Firewall traversal, IKE MIBs, and 
	requirements for IPsec and IKE for use with SCTP, to working 
	group last call.

Sep 01	Submit revised Internet-Drafts of NAT and Firewall traversal, IKE 
	MIBs, and SCTP support for consideration as Draft Standards.

Oct 01	Internet-Drafts on sequence number expansion in IKE, and IKE 
	re-keying completed.

Dec 01	Internet-Drafts on AES/SHA-2, sequence number expansion, and IKE 
	re-keying to working group last call.

Dec 01	Internet-Draft on IKE v2 Requirements to working group last call

Dec 01	Internet-Drafts describing candidate IKE v2 approaches submitted
	to the working group.

Feb 01	Submit revised Internet-Drafts on AES/SHA-2, sequence number 
	expansion, and IKE rekeying for consideration as Draft Standards.

Apr 02	Discuss and select the IKE v2 design from candidate approaches.

Sep 02	IKE v2 Internet-Drafts to working group last call

Dec 02	Submit IKE v2 Internet-Drafts to the IESG for consideration as 
	Proposed Standards.






