Re: [IPsec] IPsec maintenance/extensions WG, summary so far
Nicolas Williams <Nicolas.Williams@sun.com> Wed, 07 May 2008 19:20 UTC
Return-Path: <ipsec-bounces@ietf.org>
X-Original-To: ipsec-archive@megatron.ietf.org
Delivered-To: ietfarch-ipsec-archive@core3.amsl.com
Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 6F7FD28C635; Wed, 7 May 2008 12:20:17 -0700 (PDT)
X-Original-To: ipsec@core3.amsl.com
Delivered-To: ipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B438428C5C1 for <ipsec@core3.amsl.com>; Wed, 7 May 2008 12:20:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.046
X-Spam-Level:
X-Spam-Status: No, score=-3.046 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_MISMATCH_COM=0.553, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8bw3gNFh1KuX for <ipsec@core3.amsl.com>; Wed, 7 May 2008 12:20:14 -0700 (PDT)
Received: from sca-ea-mail-4.sun.com (sca-ea-mail-4.Sun.COM [192.18.43.22]) by core3.amsl.com (Postfix) with ESMTP id A03FF3A6A0B for <ipsec@ietf.org>; Wed, 7 May 2008 12:20:14 -0700 (PDT)
Received: from dm-central-01.central.sun.com ([129.147.62.4]) by sca-ea-mail-4.sun.com (8.13.6+Sun/8.12.9) with ESMTP id m47JKCti029789 for <ipsec@ietf.org>; Wed, 7 May 2008 19:20:12 GMT
Received: from binky.Central.Sun.COM (binky.Central.Sun.COM [129.153.128.104]) by dm-central-01.central.sun.com (8.13.8+Sun/8.13.8/ENSMAIL, v2.2) with ESMTP id m47JKBVs023803 for <ipsec@ietf.org>; Wed, 7 May 2008 13:20:11 -0600 (MDT)
Received: from binky.Central.Sun.COM (localhost [127.0.0.1]) by binky.Central.Sun.COM (8.14.1+Sun/8.14.1) with ESMTP id m47JKBUx022477; Wed, 7 May 2008 14:20:11 -0500 (CDT)
Received: (from nw141292@localhost) by binky.Central.Sun.COM (8.14.1+Sun/8.14.1/Submit) id m47JKAFJ022476; Wed, 7 May 2008 14:20:10 -0500 (CDT)
X-Authentication-Warning: binky.Central.Sun.COM: nw141292 set sender to Nicolas.Williams@sun.com using -f
Date: Wed, 07 May 2008 14:20:10 -0500
From: Nicolas Williams <Nicolas.Williams@sun.com>
To: Pasi.Eronen@nokia.com
Message-ID: <20080507192010.GL13552@Sun.COM>
Mail-Followup-To: Pasi.Eronen@nokia.com, ipsec@ietf.org
References: <1696498986EFEC4D9153717DA325CB728D5AF2@vaebe104.NOE.Nokia.com>
Mime-Version: 1.0
Content-Disposition: inline
In-Reply-To: <1696498986EFEC4D9153717DA325CB728D5AF2@vaebe104.NOE.Nokia.com>
User-Agent: Mutt/1.5.7i
Cc: ipsec@ietf.org
Subject: Re: [IPsec] IPsec maintenance/extensions WG, summary so far
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: ipsec-bounces@ietf.org
Errors-To: ipsec-bounces@ietf.org
On Wed, May 07, 2008 at 01:19:09PM +0300, Pasi.Eronen@nokia.com wrote: I'm willing to review: > o Update to IKEv2 base specification (possible starting point: > draft-hoffman-ikev2bis) > o IPsec document roadmap update (possible starting point: RFC 2411) > o IKEv2 session resumption / optimizing IKEv2 handshake when > connecting again to same peer/cluster of peers (possible > starting point: draft-sheffer-ipsec-failover) > o Labeled IPsec for RFC 430x IPsec > o IKEv1/IKEv2 co-existence and transition (please specify more > details if you select this one) I think this item: > o GSS-API (or Kerberos) authentication for IKEv2 seems unnecessary. Keep in mind that I once thought the opposite. But let's consider: - IPsec w/ Kerberos V -> KINK - IPsec w/ PSK, PKI, EAP -> IKEv2 So what existing, planned or potential GSS-API mechanisms might one want to use with IPsec which isn't covered via KINK or IKEv2? Now, perhaps there is dissatisfaction with KINK. Or perhaps there's a desire to mix Kerberos V and whatnot in one KE. If so, let's hear it. If not, let's drop this. I'm willing to collaborate on this one: > o Guidelines for Mandating the Use of IPsec, for RFC430x IPsec > (possible starting point: draft-bellovin-useipsec) Primarily because I think that applications shouldn't use IPsec without IPsec APIs, and IPsec APIs is something that I'm collaborating on in the BTNS WG. Nico -- _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
- [IPsec] IPsec maintenance/extensions WG, summary … Pasi.Eronen
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Arnaud Ebalard
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Jari Arkko
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Dan Harkins
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Charlie Kaufman
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Vijay Devarapallli
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Vijay Devarapallli
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Nicolas Williams
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Dan McDonald
- Re: [IPsec] IPsec maintenance/extensions WG, summ… fan zhao
- Re: [IPsec] IPsec maintenance/extensions WG, summ… fan zhao
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Suresh Krishnan
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Lakshminath Dondeti
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Ana Kukec
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Hui Deng
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Andreas Steffen
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Kumar, Sunil
- Re: [IPsec] IPsec maintenance/extensions WG, summ… ma yc
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Grewal, Ken
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Yoav Nir
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Yoav Nir
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Yaron Sheffer
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Yoav Nir
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Yoav Nir
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Richard Barnes
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Yoav Nir
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Nicolas Williams
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Cheryl Madson
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Nicolas Williams
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Yingzhe Wu
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Yoav Nir
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Yoav Nir
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Pasi.Eronen
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Pasi.Eronen
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Pasi.Eronen
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Pasi.Eronen
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Pasi.Eronen
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Pasi.Eronen@nokia.com
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Richard Barnes
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Yoav Nir
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Hui Deng
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Nicolas Williams
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Nicolas Williams
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Jean-Michel Combes
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Pasi.Eronen
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Joy Latten
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Julien Laganier
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Julien Laganier
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Peng Yang
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Peng Yang