
New mailing list to discuss IP layer signalling security



As agreed at SAAG at IETF-57, Vienna, we now have
a mailing list to discuss IP layer signalling security.
The aim is to discuss the problem, and find out whether
there would be enough interest to look at the more
generic problem to warrant an IETF working group.

The ML is kindly hosted by VPNC (thanks, Paul).  To
subscribe, either access the web page at

   http://www.vpnc.org/ietf-ipsigsec/index.html

or simply send a message to <ietf-ipsigsec-request@vpnc.org>
with the single word subscribe in the body of the message.

To give people time to subscribe to the list, it is not
yet possible to post to the list.  Once posting becomes
possible I will send a separate note to the *list* (not here).

The mailing list is chartered as follows.  If you think
that this chartering is not what was earlier discussed at
the saag ML or at the meeting, please send e-mail to me.

------------------------------

Initial ML Charter:

The ietf-ipsigsec mailing list is for discussing standardizing
protocols or protocol components for securing IP layer
signalling protocols, such as IPv6 Neighbor Discovery and
Autoconfiguration, Mobile IP, Mobile IP optimization protocols,
and perhaps some routing protocols. This mailing list may
turn into an IETF Working Group.

As a background, experience has shown that the IPsec
Authentication Header (AH), as it is currently standardized,
does not cover the requirements. Hence, for example, the
Mobile IPv6 Route Optimization and Secure IPv6 Neighbor
Discovery (SEND) both use more-or-less ad hoc, protocol
specific mechanisms to reach their security goals. One
purpose of this mailing list is to see if something can
be learned from these experiences.

The topics, to be discussed on the mailing list, are the
following:

     * Address the need for generic protocol components that
       could be used to secure current and future IP layer
       (internetworking layer) signalling protocols. Examples
       of components to consider include Return Routability (RR)
       and Cryptographically Generated Addresses (CGA).

     * Progress towards a security model that would cover all
       or most IP layer signalling protocol security requirements.
       The focus is on situations where one cannot rely on
       existing or supposed security infrastructures.

     * Understand how the proposed separation of the identifier
       and locator roles of IP addresses may affect the security
       requirements in the IP layer signalling scope.

     * Based on the topics above, consider the applicability of
       the IPsec AH protocol. That is, it is allowed to state that
       there seems to be no use of AH within this space, or that AH
       seems to be a perfect match to the needs, as long as such
       statements are well founded and based on discussion on the
       items above. However, it is strictly out of scope to state
       opinions on AH without basing those opinions on clearly
       argued technical discussion, or to discuss the applicability
       of AH for any other purpose but IP layer signalling security.