RE: Agenda for the Minneapolis meeting
"Mason, David" <David_Mason@nai.com> Thu, 15 March 2001 18:26 UTC
Message-ID: <8894CA1F87A5D411BD24009027EE783812802F@md-exchange1.nai.com>
From: "Mason, David" <David_Mason@nai.com>
To: 'Dan Harkins' <dharkins@cips.nokia.COM>, Scott Fanning <sfanning@cisco.com>
Cc: ipsec@lists.tislabs.com
Subject: RE: Agenda for the Minneapolis meeting
Date: Thu, 15 Mar 2001 09:25:34 -0800

I'd like to see removal of the Commit Bit and just go with always using
a 4 message Quick Mode (which gives the added benefit of allowing PFS
Group negotiation by moving the initiator's KE payload from the first to
the third message).

-dave

-----Original Message-----
From: Dan Harkins [mailto:dharkins@cips.nokia.COM]
Sent: Wednesday, March 14, 2001 7:50 PM
To: Scott Fanning
Cc: ipsec@lists.tislabs.com
Subject: Re: Agenda for the Minneapolis meeting

  I don't have any powerpoint slides or anything like that but what
I'm going to talk about is:

  *) what is this-- RFC2407+RFC2408+RFC2409 = new draft

  *) why do this?
     - we have an overly complex way to get SAs for IPsec.
     - a general feeling of "I don't like IKE", published criticism,
       and general fear of an overly complex security protocol.
     - it's not so bad that we need to throw it all out and start over
       again-- there are nice features to keep.

  *) why do we have what we have?
     - original idea of a generic transport (ISAKMP) which could have
       multiple key exchanges defined on it, a generic key exchange
       which can establish "security associations" for multiple
       services, and a service definition for IPsec.
     - these layers created ambiguity.
     - key management war resulted in a please all people at all costs
       mentality that caused an explosion of options.

  *) what does it mean to combine these three RFCs?
     - no "layer violations" when defining things (like the commit bit:
       it's from a header defined in RFC2408 used in an exchange defined
       in RFC2409 because of an aspect of the service defined in
       RFC2407) so we gain in clarity.
     - we lose the generic transport and generic key exchange and gain
       a key exchange and security association establishment protocol
       for IPsec.
     - some things, like Aggressive Mode and New Group Mode, get left
       behind for possible redefinition and advancement in an
       independent draft.
     - advances in the state-of-the-art should deprecate some of the
       mandatory options-- DES, group1-- and that can happen in a
       rewrite.
     - many of the suggestions for protocol improvement can be
       incorporated. How many and which ones is up to the working group.

  I'm glad this is eliciting interest. I've brought the subject up on
the list in the past and there didn't seem to be much interest. Please
comment! There has also been an offline discussion about not calling it
IKE anymore since it won't really be IKE and any comments on that idea
are solicited as well.

  Dan.

On Wed, 14 Mar 2001 15:30:07 PST you wrote
> For those of us not able to attend Minneapolis, is there any info on "Son of
> IKE" that we can comment on via this list before the meeting?
>
> Thanks
> Scott
> ----- Original Message -----
> From: <tytso@mit.edu>
> To: <ipsec@lists.tislabs.com>
> Sent: Wednesday, March 14, 2001 3:07 PM
> Subject: Agenda for the Minneapolis meeting
>
>
> > Hi all,
> >
> > My apologies for not having prepared an agenda earlier; both Barbara and I have
> > been rather swamped at work lately.....
> >
> > This agenda is a draft; if you would like to request some time at the
> > IPSEC meeting. Please send e-mail to Barbara and I ASAP. Many thanks.
> >
> > - Ted
> >
> > A. D. Keromytis
> >
> > On the Use of SCTP with IPsec
> >
> > Dan Harkins
> >
> > "Son of Ike"
> >
> > IPSEC MIB documents
> >
> > draft-ietf-ipsec-isakmp-di-mon-mib-03.txt
> > draft-ietf-ipsec-ike-monitor-mib-02.txt
> > draft-ietf-ipsec-monitor-mib-04.txt
> >
> > Jari Arkko -- IPSEC and IPV6
> >
> > Effects on ICMPv6 on IKE and IPsec Policies
> > Manual SA Configuration for IPv6 Link Local Messages
> >
> > Tissa Senevirathne
> >
> > http://search.ietf.org/internet-drafts/draft-tsenevir-smpls-doi-00.txt
> >
> > IPSEC and NAT
> >
> > Markus Stenberg <mstenber@ssh.com>
> >
> > draft-stenberg-ipsec-nat-traversal-02
> >
> > William Dixon
> >
> > draft-huttunen-ipsec-esp-in-udp-01