Re: DRAFT: ipsec charter update
>Barbara and Theodore,
>
>How is "client protocol of IP" defined?
Maybe this is a nit, but why "client protocol" and not "host protocol?"
Mark
>Usually one thinks of the legitimate, sensible and/or meaningful clients
>of a security service as being the n+1 layer entities (see x.800).
>
>I feel that it is very likely that herein lies the root cause of the
>problem and that if so, no amount of ad-hoc improvement within the current
>paradigm is going to make it go away.
>
>If we want simplicity and effectiveness we should focus our attention
>narrowly on the simple paradigm of n layer mechanisms that implement
>services for n+1 layer entities.
>
>The charter as stated seems to only further the basic underlying
>difficulties. The now legacy approach has led to a nearly decade long
>effort and the apparent need of a 12 inch high stack of paper to describe
>how to encrypt an IP datagram.
>
>Let's try something new.
>
>Regards,
>Mitch Nelson
>
>
>Dr. Mitchell C. Nelson
>Director, Software Services
>Datatek Applications, Inc.
>
>
>
>
>
>tytso@mit.edu wrote:
>The IPSEC wg chairs met with Marcus Leech today, and after discussions
>and consultation with him, we have developed the following draft update
>to the IPSEC working group charter.
>
>Contained in this proposed update is a timeline for the IKE V2 work
>which was discussed at the IPSEC meeting earlier this week in London. We
>welcome comments and suggestions on improving the revised working group
>charter. We would like to submit this charter to the IESG for
>consideration by the end of August, so we would appreciate receiving
>comments within the next two weeks.
>
> Barbara Fraser
> Theodore Ts'o
> IPSEC wg chairs
>
>
>IP Security Protocol (ipsec)
>
>Last Modified: 09-Aug-01
>
>Chair(s):
> Barbara Fraser
> Theodore Ts'o
>
>Security Area Director(s):
> Jeffrey Schiller
> Marcus Leech
>
>Security Area Advisor:
> Jeffrey Schiller
>
>Mailing Lists:
> General Discussion: ipsec@lists.tislabs.com
> to Subscribe: ipsec-request@lists.tislabs.com
> Archive: ftp://ftp.tis.com/pub/lists/ipsec OR
> ftp.ans.net/pub/archive/ipsec
>
>Description of Working Group:
>=============================
>
>Rapid advances in communication technology have accentuated the need for
>security in the Internet. The IP Security Protocol Working Group
>(IPSEC) will develop mechanisms to protect client protocols of IP. A
>security protocol in the network layer will be developed to provide
>cryptographic security services that will flexibly support combinations
>of authentication, integrity, access control, and confidentiality.
>
>The IPSEC working group will restrict itself to the following short-term
>work items to improve the existing key management protocol (IKE):
>
>1) Changes to IKE to support NAT/Firewall traversal
>
>2) Changes to IKE to support SCTP
>
>3) New cipher documents to support AES-CBC, AES-MAC, SHA-2, and
> a fast AES mode suitable for use in hardware encryptors
>
>4) IKE MIB documents
>
>5) Sequence number extensions to ESP to support an expanded sequence
> number space.
>
>6) Clarification and standardization of rekeying procedures in IKE.
>
>The working group will also update IKE to reflect implementation
>experience, new requirements, and protocol analysis of the existing
>protocol. The requirements for IKE V2 will be revised and updated as
>the first step in this process.
>
>Goals and Milestones:
>=====================
>
>Aug 01 Internet Drafts on NAT and Firewall traversal, IKE MIBs, and
> requirements for IPsec and IKE for use with SCTP, to working
> group last call.
>
>Sep 01 Submit revised Internet-Drafts of NAT and Firewall traversal, IKE
> MIBs, and SCTP support for consideration as Draft Standards.
>
>Oct 01 Internet-Drafts on sequence number expansion in IKE, and IKE
> re-keying completed.
>
>Dec 01 Internet-Drafts on AES/SHA-2, sequence number expansion, and IKE
> re-keying to working group last call.
>
>Dec 01 Internet-Draft on IKE v2 Requirements to working group last call
>
>Dec 01 Internet-Drafts describing candidate IKE v2 approaches submitted
> to the working group.
>
>Feb 01 Submit revised Internet-Drafts on AES/SHA-2, sequence number
> expansion, and IKE rekeying for consideration as Draft Standards.
>
>Apr 02 Discuss and select the IKE v2 design from candidate approaches.
>
>Sep 02 IKE v2 Internet-Drafts to working group last call
>
>Dec 02 Submit IKE v2 Internet-Drafts to the IESG for consideration as
> Proposed Standards.