[IPsec] IPsecME WG report from IETF 116
Tero Kivinen <kivinen@iki.fi> Wed, 29 March 2023 15:15 UTC
Return-Path: <kivinen@iki.fi>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 23B38C16950E; Wed, 29 Mar 2023 08:15:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.796
X-Spam-Level:
X-Spam-Status: No, score=-2.796 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=iki.fi
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WBjDyfhPVJVW; Wed, 29 Mar 2023 08:15:26 -0700 (PDT)
Received: from meesny.iki.fi (meesny.iki.fi [IPv6:2001:67c:2b0:1c1::201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AC5F9C169508; Wed, 29 Mar 2023 08:15:24 -0700 (PDT)
Received: from fireball.acr.fi (fireball.acr.fi [83.145.195.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: kivinen@iki.fi) by meesny.iki.fi (Postfix) with ESMTPSA id 4PmqqW02p6zyWJ; Wed, 29 Mar 2023 18:15:18 +0300 (EEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=iki.fi; s=meesny; t=1680102919; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=wtVHiyXJDVe1rHXptryqMUrnq9Wa+Qeg8HjnkxXTZ9E=; b=R4U3D8fn5T+i9cnXGnErdx0yHqCebUAzp3xjEx+i9G7Y5rPt0Z6RIfedhL4BtQEEEj1I2v qhrs+KAhH6O9Svops1/eOqXjpuyeUsrKFxr+MNg4Dakn5+YEkCDco9XJCH2XliLHTj5F+I QIhNVaa6xKyARsVkSo2DSDG7kWVMVS0=
ARC-Seal: i=1; s=meesny; d=iki.fi; t=1680102919; a=rsa-sha256; cv=none; b=qxkUSO5OYBuki0Jp9cJBeUgRkss7GJ1BsF8cZDuK700n2HcVpDINsfJOjShQNWrFhU2XDk dCA1NjsIc/aiBWYc+MyDnbf5iakE11bPNdGWIcuxL+swu9NqWnOOmcgiIwnnvpfJY+6C5+ 9F4coFjnTLbwnzM7NQoVV/rU26L/t0I=
ARC-Authentication-Results: i=1; ORIGINATING; auth=pass smtp.auth=kivinen@iki.fi smtp.mailfrom=kivinen@iki.fi
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=iki.fi; s=meesny; t=1680102919; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=wtVHiyXJDVe1rHXptryqMUrnq9Wa+Qeg8HjnkxXTZ9E=; b=v5g2WyTq+NgCnC5b032GH8nidzAnUAD1RE4rj4P79VyqaXh6SjSMPkv245AdAes5nNJ+Ax B7+oxSurZ4h0LuO9v8sOCZlbRVJN8mFgphGKHPqTbjt4W+tpKSLST7QG4fHbkiYEAyGKF/ npVwp61eKuBRdw3AH5Lo5V1PcWn3mOs=
Received: by fireball.acr.fi (Postfix, from userid 15204) id D2BD225C1304; Wed, 29 Mar 2023 18:15:17 +0300 (EEST)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-ID: <25636.22021.788549.562466@fireball.acr.fi>
Date: Wed, 29 Mar 2023 18:15:17 +0300
From: Tero Kivinen <kivinen@iki.fi>
To: saag@ietf.org
CC: ipsec@ietf.org
X-Mailer: VM 8.2.0b under 26.3 (x86_64--netbsd)
X-Edit-Time: 1 min
X-Total-Time: 1 min
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/J_ri1E5s2JsNZkEVaV4IBSU9QxU>
Subject: [IPsec] IPsecME WG report from IETF 116
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Mar 2023 15:15:28 -0000
This is the copy of the status update already posted to the datatracker: https://datatracker.ietf.org/group/ipsecme/about/status/ ---------------------------------------------------------------------- IPTFS (base draft, and yang and mib drafts), TCP Encapsulation (rfc8229bis) were published as RFC. Multiple ke is in the IESG evaluation, and deprecation of IKEv1 and obsolete algorithms drafts are now in RFC editor queue. Labeled IPsec is in the IETF Last call, and IKEv2 Configuration for Encrypted DNS is waiting for AD followup. Group Key Management still would benefit from more reviews, we got one partial one, and few people has promised to do reviews. Submit the draft for early directorate review to get more reviews for it, and then submit it for publication. Announcing Supported Authentication Methods in IKEv2 got some comments, and needs a new revision. After that is done it is ready for 2nd WGLC. The Optional SA & TS Payload in Child Exchange, and multi sa performance are adopted as WG drafts, and the there has been some implementation testing of the first one, which has resulted several new questions and change requests to the draft. There has been some interest on the alternate approach for mixing preshared keys in ikev2 for post-quantum security, and there will be WG adoption call will be done after the open issues of the draft are solved, and new version is posted. Quite a lot of charter items have been finished, so we should start working on to do rechartering, and clear out old things already finished, and add some new work to the charter. -- kivinen@iki.fi
- [IPsec] IPsecME WG report from IETF 116 Tero Kivinen