RE: Agenda for the Minneapolis meeting
"Lordello, Claudio" <CLordello@unispherenetworks.com> Fri, 16 March 2001 00:19 UTC
Received: from lists.tislabs.com (portal.gw.tislabs.com [192.94.214.101]) by above.proper.com (8.9.3/8.9.3) with ESMTP id QAA20565; Thu, 15 Mar 2001 16:19:19 -0800 (PST)
Received: by lists.tislabs.com (8.9.1/8.9.1) id SAA20367 Thu, 15 Mar 2001 18:22:48 -0500 (EST)
Message-ID: <490717515EE6D41187A60003470D7136025247@kanatamail.kanata.unispherenetworks.ca>
From: "Lordello, Claudio" <CLordello@unispherenetworks.com>
To: 'Dan Harkins' <dharkins@cips.nokia.COM>, Scott Fanning <sfanning@cisco.com>
Cc: ipsec@lists.tislabs.com
Subject: RE: Agenda for the Minneapolis meeting
Date: Thu, 15 Mar 2001 18:26:12 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain; charset="iso-8859-1"
Sender: owner-ipsec@lists.tislabs.com
Precedence: bulk
My 2 cents: Clarifications of the ID payloads and their use in phase I and phase II exchanges would be great. Claudio. > -----Original Message----- > From: Dan Harkins [mailto:dharkins@cips.nokia.COM] > Sent: Wednesday, March 14, 2001 7:50 PM > To: Scott Fanning > Cc: ipsec@lists.tislabs.com > Subject: Re: Agenda for the Minneapolis meeting > > > I don't have any powerpoint slides or anything like that > but what I'm > going to talk about is: > > *) what is this-- RFC2407+RFC2408+RFC2409 = new draft > *) why do this? > - we have an overly complex way to get SAs for IPsec. > - a general feeling of "I don't like IKE", published > criticism, and general fear of an overly complex > security protocol. > - it's not so bad that we need to throw it all out > and start over again-- there are nice features to keep. > *) why do we have what we have? > - original idea of a generic transport (ISAKMP) which could > have multiple key exchanges defined on it, a generic key > exchange which can establish "security associations" for > multiple services, and a service definition for IPsec. > - these layers created ambiguity. > - key management war resulted in a please all people at all > costs mentality that caused an explosion of options. > *) what does it mean to combine these three RFCs? > - no "layer violations" when defining things (like > the commit > bit: it's from a header defined in RFC2408 used in > an exchange > defined in RFC2409 because of an aspect of the > service defined > in RFC2407) so we gain in clarity. > - we lose the generic transport and generic key exchange and > gain a key exchange and security association establishment > protocol for IPsec. > - some things, like Aggressive Mode and New Group Mode, get > left behind for possible redefinition and > advancement in an > independent draft. > - advances in the state-of-the-art should depricate > some of the > mandatory options-- DES, group1-- and that can happen in a > rewrite. > - many of the suggestions for protocol improvement can be > incorporated. How many and which ones is up to the working > group. > > I'm glad this is eliciting interest. I've brought the > subject up on the > list in the past and there didn't seem to be much interest. > Please comment! > There has also been an offline discussion about not caling it > IKE anymore > since it won't really be IKE and any comments on that idea > are solicited > as well. > > Dan. > > On Wed, 14 Mar 2001 15:30:07 PST you wrote > > For those of us not able to attend Minneapolis, is there > any info on "Son of > > IKE" that we can comment on via this list before the meeting? > > > > Thanks > > Scott > > ----- Original Message ----- > > From: <tytso@mit.edu> > > To: <ipsec@lists.tislabs.com> > > Sent: Wednesday, March 14, 2001 3:07 PM > > Subject: Agenda for the Minneapolis meeting > > > > > > > Hi all, > > > > > > My apologies for not prepared an agenda earlier; both > Barbara and I have > > > been rather swamped at work lately..... > > > > > > This agenda is a draft; if you would like to request some > time at the > > > IPSEC meeting. Please send e-mail to Barbara and I ASAP. > Many thanks. > > > > > > - Ted > > > > > > A. D. Keromytis > > > > > > On the Use of SCTP with IPsec > > > > > > Dan Harkins > > > > > > "Son of Ike" > > > > > > IPSEC MIB documents > > > > > > draft-ietf-ipsec-isakmp-di-mon-mib-03.txt > > > draft-ietf-ipsec-ike-monitor-mib-02.txt > > > draft-ietf-ipsec-monitor-mib-04.txt > > > > > > Jari Arkko -- IPSEC and IPV6 > > > > > > Effects on ICMPv6 on IKE and IPsec Policies > > > Manual SA Configuration for IPv6 Link Local Messages > > > > > > Tissa Senevirathne > > > > > > http://search.ietf.org/internet-drafts/draft-tsenevir-smpls-doi-00.txt > > > > IPSEC and NAT > > > > Markus Stenberg <mstenber@ssh.com> > > > > draft-stenberg-ipsec-nat-traversal-02 > > > > William Dixon > > > > draft-huttunen-ipsec-esp-in-udp-01 > > > > >
- Agenda for the Minneapolis meeting tytso
- Re: Agenda for the Minneapolis meeting Scott Fanning
- Re: Agenda for the Minneapolis meeting Dan Harkins
- Re: Agenda for the Minneapolis meeting Mike_Borella
- Re: Agenda for the Minneapolis meeting Scott Fanning
- RE: Agenda for the Minneapolis meeting Mason, David
- Re: Agenda for the Minneapolis meeting Sandy Harris
- Re: Agenda for the Minneapolis meeting Scott Fanning
- Re: Agenda for the Minneapolis meeting Francis Dupont
- Re: Agenda for the Minneapolis meeting Scott Fluhrer
- Re: Agenda for the Minneapolis meeting Sandy Harris
- RE: Agenda for the Minneapolis meeting Andrew Krywaniuk
- Re: Agenda for the Minneapolis meeting Dan Harkins
- Re: Agenda for the Minneapolis meeting Henry Spencer
- Re: Agenda for the Minneapolis meeting Bill Sommerfeld
- Re: Agenda for the Minneapolis meeting Michael Richardson
- Re: Agenda for the Minneapolis meeting Hugo Krawczyk
- RE: Agenda for the Minneapolis meeting Mason, David
- RE: Agenda for the Minneapolis meeting Andrew Krywaniuk
- Re: Agenda for the Minneapolis meeting Mark Baugher
- Re: Agenda for the Minneapolis meeting Michael Thomas
- RE: Agenda for the Minneapolis meeting Andrew Krywaniuk
- Re: Agenda for the Minneapolis meeting Dan Harkins
- Re: Agenda for the Minneapolis meeting Dan Harkins
- Re: Agenda for the Minneapolis meeting Theodore Tso
- Re: Agenda for the Minneapolis meeting Dan Harkins
- Re: Agenda for the Minneapolis meeting Steven M. Bellovin
- RE: Agenda for the Minneapolis meeting Lordello, Claudio
- Re: Agenda for the Minneapolis meeting Brian Weis
- Re: Agenda for the Minneapolis meeting Michael Thomas
- Re: Agenda for the Minneapolis meeting Paul Hoffman / VPNC
- Re: Agenda for the Minneapolis meeting Henry Spencer
- Re: Agenda for the Minneapolis meeting Scott Thomas Fanning
- Re: Agenda for the Minneapolis meeting Tissa Senevirathne
- Re: Agenda for the Minneapolis meeting Pyda Srisuresh
- Re: Agenda for the Minneapolis meeting Theodore Tso
- Re: Agenda for the Minneapolis meeting Theodore Tso
- RE: Agenda for the Minneapolis meeting Christian Franzen
- Re: Agenda for the Minneapolis meeting Stephen Kent
- IKE DOIs (was Re: Agenda for the Minneapolis meet… Mark Baugher
- Re: Agenda for the Minneapolis meeting Mark Baugher
- RE: Agenda for the Minneapolis meeting Andrew Krywaniuk
- Re: Agenda for the Minneapolis meeting Ari Huttunen
- Re: Agenda for the Minneapolis meeting Sandy Harris
- Re: Agenda for the Minneapolis meeting Dan Harkins
- RE: Agenda for the Minneapolis meeting Joseph D. Harwood
- Son of IKE (was Agenda for the Minneapolis meetin… Scott Fanning
- RE: Agenda for the Minneapolis meeting Stephen Kent
- Re: Agenda for the Minneapolis meeting Tero Kivinen
- RE: Agenda for the Minneapolis meeting Black_David
- RE: Agenda for the Minneapolis meeting Ishola, Yemi
- Re: Agenda for the Minneapolis meeting Steven M. Bellovin