
Re: DRAFT: ipsec charter update



Comments on the charter:
  The opening sentence has been true for 30 years and will always
be true.  All communication technology requires security.
  IPsec protects the payloads of IP datagrams and enforces policy for
client protocols; the notion of "protecting" a protocol is imprecise.
  Remove any trace of the misconception that confidentiality without
integrity is a possible combination of this flexible system.
  Is "protocol analysis of the existing protocol" the same as "analysis
of the existing protocol"?
  Include elliptic curve methods.

Hilarie

tytso@mit.edu wrote:
> The IPSEC wg chairs met with Marcus Leech today, and after discussions
and consultation with him, we have developed the following draft update
to the IPSEC working group charter.

Contained in this proposed update is a timeline for the IKE V2 work
which was discussed at the IPSEC meeting earlier this week in London.  We
welcome comments and suggestions on improving the revised working group
charter.  We would like to submit this charter to the IESG for
consideration by the end of August, so we would appreciate receiving
comments within the next two weeks.

					Barbara Fraser
					Theodore Ts'o
					IPSEC wg chairs


IP Security Protocol (ipsec) 

Last Modified: 09-Aug-01

Chair(s):
	Barbara Fraser 
	Theodore Ts'o 

Security Area Director(s): 
	Jeffrey Schiller 
	Marcus Leech 

Security Area Advisor: 
	Jeffrey Schiller 

Mailing Lists: 
	General Discussion: ipsec@lists.tislabs.com
	to Subscribe: ipsec-request@lists.tislabs.com 
	Archive: ftp://ftp.tis.com/pub/lists/ipsec OR
	ftp.ans.net/pub/archive/ipsec 

Description of Working Group:
=============================

Rapid advances in communication technology have accentuated the need for
security in the Internet.  The IP Security Protocol Working Group
(IPSEC) will develop mechanisms to protect client protocols of IP.  A
security protocol in the network layer will be developed to provide
cryptographic security services that will flexibly support combinations
of authentication, integrity, access control, and confidentiality.

The IPSEC working group will restrict itself to the following short-term
work items to improve the existing key management protocol (IKE):

1)  Changes to IKE to support NAT/Firewall traversal 

2)  Changes to IKE to support SCTP

3)  New cipher documents to support AES-CBC, AES-MAC, SHA-2, and 
	a fast AES mode suitable for use in hardware encryptors

4)  IKE MIB documents

5)  Sequence number extensions to ESP to support an expanded sequence
    number space.

6)  Clarification and standardization of rekeying procedures in IKE.

The working group will also update IKE to reflect implementation
experience, new requirements, and protocol analysis of the existing
protocol.  The requirements for IKE V2 will be revised and updated as
the first step in this process.

Goals and Milestones:
=====================

Aug 01	Internet Drafts on NAT and Firewall traversal, IKE MIBs, and 
	requirements for IPsec and IKE for use with SCTP, to working 
	group last call.

Sep 01	Submit revised Internet-Drafts of NAT and Firewall traversal, IKE 
	MIBs, and SCTP support for consideration as Draft Standards.

Oct 01	Internet-Drafts on sequence number expansion in IKE, and IKE 
	re-keying completed.

Dec 01	Internet-Drafts on AES/SHA-2, sequence number expansion, and IKE 
	re-keying to working group last call.

Dec 01	Internet-Draft on IKE v2 Requirements to working group last call

Dec 01	Internet-Drafts describing candidate IKE v2 approaches submitted
	to the working group.

Feb 01	Submit revised Internet-Drafts on AES/SHA-2, sequence number 
	expansion, and IKE rekeying for consideration as Draft Standards.

Apr 02	Discuss and select the IKE v2 design from candidate approaches.

Sep 02	IKE v2 Internet-Drafts to working group last call

Dec 02	Submit IKE v2 Internet-Drafts to the IESG for consideration as 
	Proposed Standards.