
Re: DRAFT: ipsec charter update




>Barbara and Theodore,
>
>How is "client protocol of IP" defined?

Maybe this is a nit, but why "client protocol" and not "host protocol?"

Mark


>Usually one thinks of the legitimate, sensible and/or meaningful clients 
>of a security service as being the n+1 layer entities (see x.800).
>
>I feel that it is very likely that herein lies the root cause of the 
>problem and that if so, no amount of ad-hoc improvement within the current 
>paradigm is going to make it go away.
>
>If we want simplicity and effectiveness we should focus our attention 
>narrowly on the simple paradigm of n layer mechanisms that implement 
>services for n+1 layer entities.
>
>The charter as stated seems to only further the basic underlying 
>difficulties.  The now legacy approach has led to a nearly decade long 
>effort and the apparent need of a 12 inch high stack of paper to describe 
>how to encrypt an IP datagram.
>
>Let's try something new.
>
>Regards,
>Mitch Nelson
>
>
>Dr. Mitchell C. Nelson
>Director, Software Services
>Datatek Applications, Inc.
>
>
>
>
>
>tytso@mit.edu wrote:
>
>The IPSEC wg chairs met with Marcus Leech today, and after discussions
>and consultation with him, we have developed the following draft update
>to the IPSEC working group charter.
>
>Contained in this proposed update is a timeline for the IKE V2 work
>which was discussed at the IPSEC meeting earlier this week in London.  We
>welcome comments and suggestions on improving the revised working group
>charter.  We would like to submit this charter to the IESG for
>consideration by the end of August, so we would appreciate receiving
>comments within the next two weeks.
>
>                                         Barbara Fraser
>                                         Theodore Ts'o
>                                         IPSEC wg chairs
>
>
>IP Security Protocol (ipsec)
>
>Last Modified: 09-Aug-01
>
>Chair(s):
>         Barbara Fraser
>         Theodore Ts'o
>
>Security Area Director(s):
>         Jeffrey Schiller
>         Marcus Leech
>
>Security Area Advisor:
>         Jeffrey Schiller
>
>Mailing Lists:
>         General Discussion: ipsec@lists.tislabs.com
>         to Subscribe: ipsec-request@lists.tislabs.com
>         Archive: ftp://ftp.tis.com/pub/lists/ipsec OR
>         ftp.ans.net/pub/archive/ipsec
>
>Description of Working Group:
>=============================
>
>Rapid advances in communication technology have accentuated the need for
>security in the Internet.  The IP Security Protocol Working Group
>(IPSEC) will develop mechanisms to protect client protocols of IP.  A
>security protocol in the network layer will be developed to provide
>cryptographic security services that will flexibly support combinations
>of authentication, integrity, access control, and confidentiality.
>
>The IPSEC working group will restrict itself to the following short-term
>work items to improve the existing key management protocol (IKE):
>
>1)  Changes to IKE to support NAT/Firewall traversal
>
>2)  Changes to IKE to support SCTP
>
>3)  New cipher documents to support AES-CBC, AES-MAC, SHA-2, and
>         a fast AES mode suitable for use in hardware encryptors
>
>4)  IKE MIB documents
>
>5)  Sequence number extensions to ESP to support an expanded sequence
>     number space.
>
>6)  Clarification and standardization of rekeying procedures in IKE.
>
>The working group will also update IKE to reflect implementation
>experience, new requirements, and protocol analysis of the existing
>protocol.  The requirements for IKE V2 will be revised and updated as
>the first step in this process.
>
>Goals and Milestones:
>=====================
>
>Aug 01  Internet Drafts on NAT and Firewall traversal, IKE MIBs, and
>         requirements for IPsec and IKE for use with SCTP, to working
>         group last call.
>
>Sep 01  Submit revised Internet-Drafts of NAT and Firewall traversal, IKE
>         MIBs, and SCTP support for consideration as Draft Standards.
>
>Oct 01  Internet-Drafts on sequence number expansion in IKE, and IKE
>         re-keying completed.
>
>Dec 01  Internet-Drafts on AES/SHA-2, sequence number expansion, and IKE
>         re-keying to working group last call.
>
>Dec 01  Internet-Draft on IKE v2 Requirements to working group last call
>
>Dec 01  Internet-Drafts describing candidate IKE v2 approaches submitted
>         to the working group.
>
>Feb 01  Submit revised Internet-Drafts on AES/SHA-2, sequence number
>         expansion, and IKE rekeying for consideration as Draft Standards.
>
>Apr 02  Discuss and select the IKE v2 design from candidate approaches.
>
>Sep 02  IKE v2 Internet-Drafts to working group last call
>
>Dec 02  Submit IKE v2 Internet-Drafts to the IESG for consideration as
>         Proposed Standards.


