New mailing list to discuss IP layer signalling security
As agreed at SAAG at IETF-57, Vienna, we now have
a mailing list to discuss IP layer signalling security.
The aim is to discuss the problem, and find out whether
there would be enough interest to look at the more
generic problem to warrant an IETF working group.
The ML is kindly hosted by VPNC (thanks, Paul). To
subscribe, either access the web page at
http://www.vpnc.org/ietf-ipsigsec/index.html
or simply send a message to <ietf-ipsigsec-request@vpnc.org>
with the single word subscribe in the body of the message.
To give people time to subscribe to the list, it is not
yet possible to post to the list. Once posting becomes
possible I will send a separate note to the *list* (not here).
The mailing list is chartered as follows. If you think
that this chartering is not what was earlier discussed at
the saag ML or at the meeting, please send e-mail to me.
------------------------------
Initial ML Charter:
The ietf-ipsigsec mailing list is for discussing standardizing
protocols or protocol components for securing IP layer
signalling protocols, such as IPv6 Neighbor Discovery and
Autoconfiguration, Mobile IP, Mobile IP optimization protocols,
and perhaps some routing protocols. This mailing list may
turn into an IETF Working Group.
As a background, experience has shown that the IPsec
Authentication Header (AH), as it is currently standardized,
does not cover the requirements. Hence, for example, the
Mobile IPv6 Route Optimization and Secure IPv6 Neighbor
Discovery (SEND) both use more-or-less ad hoc, protocol
specific mechanisms to reach their security goals. One
purpose of this mailing list is to see if something can
be learned from these experiences.
The topics, to be discussed on the mailing list, are the
following:
* Address the need for generic protocol components that
could be used to secure current and future IP layer
(internetworking layer) signalling protocols. Examples
of components to consider include Return Routability (RR)
and Cryptographically Generated Addresses (CGA).
* Progress towards a security model that would cover all
or most IP layer signalling protocol security requirements.
The focus is on situations where one cannot rely on
existing or supposed security infrastructures.
* Understand how the proposed separation of the identifier
and locator roles of IP addresses may affect the security
requirements in the IP layer signalling scope.
* Based on the topics above, consider the applicability of
the IPsec AH protocol. That is, it is allowed to state that
there seems to be no use of AH within this space, or that AH
seems to be a perfect match to the needs, as long as such
statements are well founded and based on discussion on the
items above. However, it is strictly out of scope to state
opinions on AH without basing those opinions on clearly
argued technical discussion, or to discuss the applicability
of AH for any other purpose but IP layer signalling security.