Re: [IPsec] IPsec maintenance/extensions WG, summary so far
"Peng Yang" <peng.yang.chn@gmail.com> Mon, 26 May 2008 06:41 UTC
Return-Path: <ipsec-bounces@ietf.org>
X-Original-To: ipsec-archive@megatron.ietf.org
Delivered-To: ietfarch-ipsec-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 2F9983A6A37; Sun, 25 May 2008 23:41:46 -0700 (PDT)
X-Original-To: ipsec@core3.amsl.com
Delivered-To: ipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3537B3A6A37 for <ipsec@core3.amsl.com>; Sun, 25 May 2008 23:41:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id C+FP8IhiYSip for <ipsec@core3.amsl.com>; Sun, 25 May 2008 23:41:44 -0700 (PDT)
Received: from wf-out-1314.google.com (wf-out-1314.google.com [209.85.200.169]) by core3.amsl.com (Postfix) with ESMTP id 12C4D3A6964 for <ipsec@ietf.org>; Sun, 25 May 2008 23:41:44 -0700 (PDT)
Received: by wf-out-1314.google.com with SMTP id 27so1664208wfd.31 for <ipsec@ietf.org>; Sun, 25 May 2008 23:41:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; bh=o8gzQ0L18j9y4Ws38aIAkSAR+SQ/uvwx31reH/HHV2I=; b=Z6q5LuC/VDpDreYqISzp8fiTQJrXBP3IfKzMEcq9pr/hE/a9d+hBOQx6O5RGGedR5j09Nfgim2AB0jG/pxif5lmVDnZJhLPkGLX0LG7lqe075PNK4LKpECNV858CcYTyqEORP9BYofeLINEJoUPkmGm3gk6reeTsB6X/q8EmTfY=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=wmnn/YCCIym2JaIRF5TAUE8h1g8NNnRTJIfCa0niDoMNl5+cJuet26g+XugU89+z4Ap6ZwCH0b47/3BaJsaXFIYAzN4CCKCK9h+lFmywGsRgzmyiK93gBiZWi5BqwgVLRjYxcIYInqrRcHIELlRNhHZq7WRJ1uF7X9N/UkAlN7c=
Received: by 10.142.154.20 with SMTP id b20mr1848569wfe.150.1211784103825; Sun, 25 May 2008 23:41:43 -0700 (PDT)
Received: by 10.142.211.11 with HTTP; Sun, 25 May 2008 23:41:43 -0700 (PDT)
Message-ID: <4c5c7a6d0805252341r84994d3tf66505ee9ee1fdf9@mail.gmail.com>
Date: Mon, 26 May 2008 14:41:43 +0800
From: Peng Yang <peng.yang.chn@gmail.com>
To: ipsec@ietf.org, Pasi.Eronen@nokia.com
MIME-Version: 1.0
Content-Disposition: inline
Subject: Re: [IPsec] IPsec maintenance/extensions WG, summary so far
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://www.ietf.org/mailman/private/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: ipsec-bounces@ietf.org
Errors-To: ipsec-bounces@ietf.org
Hi, Pasi and all: Sorry for late post. [ECR] IKEv2 session resumption / optimizing IKEv2 handshake when connecting again to same peer/cluster of peers (possible starting point: draft-sheffer-ipsec-failover) [ECR] MEXT: interaction between IPsec and Mobile IP, Mobile IP specific extensions to IPsec [ECR] Using GRE "key" header field as IPsec traffic selector (possible starting point: draft-ma-softwire-ipsec-gre-demultiplexing-ps) Thanks a lot Cheers, Peny My interest list has following items. > > [CR] o Update to IKEv2 base specification (possible starting point: > draft-hoffman-ikev2bis) > > [ECR] o Redirecting a VPN client from one gateway to another > (in a cluster of gateways) > > [CR] o Better IPv6 configuration payloads (possible starting point: > draft-eronen-ipsec-ikev2-ipv6-config) Thanks. Sincerely, fan >>So far, we've had ~20 people who've expressed some form of support >>for creating a WG. This is good -- many current WGs have less than 20 >>people who regularly post to the WG mailing list. >>However, by my count, we've also had ~20 proposals for work items. >>That obviously does not add up. >>I agree with Paul's comment about the WG scope: the WG should work >>on things where having a WG is really needed, and we actually have a >>*group* of people interested on participating. >>Having a WG should not encourage people to develop extensions that >>would not have happened in the absence of a WG (this usually indicates >>they're not widely needed). For some work items that have been >>proposed, an individual draft is IMHO a more appropriate process >>mechanism, and forming a WG would not automatically prevent >>publication of non-WG documents the WG decided not to take. >>To get some idea on what work items we have most interest in, I've >>collected those proposed so far (with some things vendors are known to >>do in proprietary ways thrown in). Please select the items you think the WG should work on (less than ten, please), order them most important first, and for each item, indicate what you're willing to do: [E]dit: you're willing to edit the draft corresponding to the work item (note: even if we use an individual draft as a starting point, this does not automatically determine the editor of the WG item) [C]ontribute: you're willing to propose non-trivial amounts of text for the document during its development [R]eview: you're willing to review new revisions of the draft regularly (not just during WGLC) For example, [CR] AEAD algorithms in IKEv2 [R] IPsec document roadmap update would mean that AEAD algorithms is your first priority, and you volunteer to contribute and review; and IPsec document roadmap is your second priority, and you volunteer to review. You can also propose a work item that isn't on my list. However, for the time being, I think PF_KEY work does not fit within the scope of the possible WG charter. List follows: o Update to IKEv2 base specification (possible starting point: draft-hoffman-ikev2bis) o IPsec document roadmap update (possible starting point: RFC 2411) o Using AEAD algorithms in IKEv2 (possible starting point: draft-black-ipsec-ikev2-aead-modes) o Redirecting a VPN client from one gateway to another (in a cluster of gateways) o IPsec "secure beacon", or detecting whether you need VPN or not (possible starting point: draft-sheffer-ipsec-secure-beacon) o Detecting crashed peers faster (possible starting point: draft-nir-ike-qcd) o IKEv2 session resumption / optimizing IKEv2 handshake when connecting again to same peer/cluster of peers (possible starting point: draft-sheffer-ipsec-failover) o Authentication-only IPsec that simplifies packet inspection (possible starting points: draft-hoffman-esp-null-protocol, draft-grewal-ipsec-traffic-visibility) o Better IPv6 configuration payloads (possible starting point: draft-eronen-ipsec-ikev2-ipv6-config) o Other work for making sure IKEv1 and IKEv2 work as well as possible with IPv6, both from standards and operations standpoint (please specify more details if you select this one) o Running IPsec over TCP (so your VPN works even if the coffee shop Wi-Fi has stupid packet filtering) o GSS-API (or Kerberos) authentication for IKEv2 o Non-EAP-based one-time password authentication (possible starting point: draft-sunabhi-otp-ikev2) o Using GRE "key" header field as IPsec traffic selector (possible starting point: draft-ma-softwire-ipsec-gre-demultiplexing-ps) o Authentication with Cryptographically Generated Addresses (CGA) (possible starting point: draft-laganier-ike-ipv6-cga) o Guidelines for Mandating the Use of IPsec, for RFC430x IPsec (possible starting point: draft-bellovin-useipsec) o Labeled IPsec for RFC 430x IPsec o IKEv1/IKEv2 co-existence and transition (please specify more details if you select this one) o Setting up GRE tunnels with IKE (possible starting point: draft-wu-l3vpn-ipsec-gre-00) o Connecting IKEv2 peers behind NATs via a "mediation server" (possible starting point: draft-brunner-ikev2-mediation) o Anything that may be needed from IKE/IPsec with respect to routing protocol security (please specify more details if you select this one) o Documenting differences in IPsec usage in IETF vs. 3GPP vs. 3GPP2 vs. WiMAX vs. vendors etc. (please specify more details if you select this one) o IKEv2 CAPTCHA (possible starting point: draft-mutaf-spikev2-01.txt) Please reply (on the mailing list) within a week or so -- I will then summarize what we have. Best regards, Pasi --- P.S. It's good to note that we currently have several other WGs working on IPsec: o BMWG: benchmarking IPsec devices o BTNS: unauthenticated or leap-of-faith IPsec, channel bindings, IPsec APIs for applications (not key management daemons like PF_KEY) o MEXT: interaction between IPsec and Mobile IP, Mobile IP specific extensions to IPsec o MSEC: multicast IPsec o ROHC: header compression in IPsec tunnel mode SAs o SOFTWIRE: IPsec tunnels as a softwire, setting those up based on BGP etc. These WGs will continue as-is, and e.g. any changes to their charters are not in the scope of this discussion. Future work items could be considered case-by-case, but the intent is *not* to collect all IPsec-related work to one WG. _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
- [IPsec] IPsec maintenance/extensions WG, summary … Pasi.Eronen
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Arnaud Ebalard
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Jari Arkko
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Dan Harkins
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Charlie Kaufman
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Vijay Devarapallli
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Vijay Devarapallli
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Nicolas Williams
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Dan McDonald
- Re: [IPsec] IPsec maintenance/extensions WG, summ… fan zhao
- Re: [IPsec] IPsec maintenance/extensions WG, summ… fan zhao
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Suresh Krishnan
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Lakshminath Dondeti
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Ana Kukec
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Hui Deng
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Andreas Steffen
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Kumar, Sunil
- Re: [IPsec] IPsec maintenance/extensions WG, summ… ma yc
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Grewal, Ken
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Yoav Nir
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Yoav Nir
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Yaron Sheffer
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Yoav Nir
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Yoav Nir
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Richard Barnes
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Yoav Nir
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Nicolas Williams
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Cheryl Madson
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Nicolas Williams
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Yingzhe Wu
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Yoav Nir
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Yoav Nir
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Pasi.Eronen
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Pasi.Eronen
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Pasi.Eronen
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Pasi.Eronen
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Pasi.Eronen
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Pasi.Eronen@nokia.com
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Richard Barnes
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Yoav Nir
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Hui Deng
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Nicolas Williams
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Nicolas Williams
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Jean-Michel Combes
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Pasi.Eronen
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Joy Latten
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Julien Laganier
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Julien Laganier
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Peng Yang
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Peng Yang