Protocol Action: 'Labeled IPsec Traffic Selector support for IKEv2' to Proposed Standard (draft-ietf-ipsecme-labeled-ipsec-12.txt)
The IESG <iesg-secretary@ietf.org> Mon, 15 May 2023 14:42 UTC
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Subject: Protocol Action: 'Labeled IPsec Traffic Selector support for IKEv2' to Proposed Standard (draft-ietf-ipsecme-labeled-ipsec-12.txt)
Cc: Tero Kivinen <kivinen@iki.fi>, The IESG <iesg@ietf.org>, draft-ietf-ipsecme-labeled-ipsec@ietf.org, ipsec@ietf.org, ipsecme-chairs@ietf.org, kivinen@iki.fi, rdd@cert.org, rfc-editor@rfc-editor.org
Message-ID: <168416176152.53100.16520735411523868832@ietfa.amsl.com>
Date: Mon, 15 May 2023 07:42:41 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-announce/aKret8l5S02S884ZUTuIO31456M>

The IESG has approved the following document:
- 'Labeled IPsec Traffic Selector support for IKEv2'
  (draft-ietf-ipsecme-labeled-ipsec-12.txt) as Proposed Standard

This document is the product of the IP Security Maintenance and Extensions Working Group.

The IESG contact persons are Paul Wouters and Roman Danyliw.

A URL of this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-ipsecme-labeled-ipsec/

Technical Summary

This document defines a new Traffic Selector (TS) Type for Internet Key Exchange version 2 to add support for negotiating Mandatory Access Control (MAC) security labels as a traffic selector of the Security Policy Database (SPD). Security Labels for IPsec are also known as "Labeled IPsec". The new TS type is TS_SECLABEL, which consists of a variable length opaque field specifying the security label.

Working Group Summary

The document went through a number of proposals and switched a few times between using a Notify payload and using a Traffic Selector payload until consensus was reached. It was also discussed whether the label should be a variant of existing labels (e.g. IPv4_SECLABEL and IPv6_SECLABEL), and consensus was reached on making it an independent label to avoid a combinatorial explosion of Traffic Selector Types. Consensus was also reached to leave the Label itself opaque to the IKE implementation so that it can be used with different types of labeling systems.

A small group of core developers were the active participants, which is quite common on the IPsecME WG. There were no objections.

Document Quality

There are currently three interoperable implementations (ELVIS+, libreswan and strongswan). ELVIS+ only implements the IKEv2 extension, whereas libreswan and strongswan use the Linux kernel SELinux system as the labeling system. The authors have contemplated doing an informational write-up on that system in a separate new draft.

Personnel

The Document Shepherd for this document is Tero Kivinen.
The Responsible Area Director is Roman Danyliw.