Re: [IPsec] IPsec maintenance/extensions WG, summary so far
Lakshminath Dondeti <ldondeti@qualcomm.com> Fri, 09 May 2008 19:23 UTC
Return-Path: <ipsec-bounces@ietf.org>
X-Original-To: ipsec-archive@megatron.ietf.org
Delivered-To: ietfarch-ipsec-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 03EAE3A67FD; Fri, 9 May 2008 12:23:23 -0700 (PDT)
X-Original-To: ipsec@core3.amsl.com
Delivered-To: ipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 5DC5F3A67FD for <ipsec@core3.amsl.com>; Fri, 9 May 2008 12:23:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id B4n0OKYnynFW for <ipsec@core3.amsl.com>; Fri, 9 May 2008 12:23:19 -0700 (PDT)
Received: from wolverine02.qualcomm.com (wolverine02.qualcomm.com [199.106.114.251]) by core3.amsl.com (Postfix) with ESMTP id 0DA443A67CE for <ipsec@ietf.org>; Fri, 9 May 2008 12:23:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=qualcomm.com; i=ldondeti@qualcomm.com; q=dns/txt; s=qcdkim; t=1210360998; x=1241896998; h=message-id:date:from:user-agent:mime-version:to:cc: subject:references:in-reply-to:content-type: content-transfer-encoding:x-ironport-av; z=Message-ID:=20<4824A40A.7040408@qualcomm.com>|Date:=20Fr i,=2009=20May=202008=2012:20:42=20-0700|From:=20Lakshmina th=20Dondeti=20<ldondeti@qualcomm.com>|User-Agent:=20Thun derbird=202.0.0.14=20(Windows/20080421)|MIME-Version:=201 .0|To:=20Pasi.Eronen@nokia.com|CC:=20ipsec@ietf.org |Subject:=20Re:=20[IPsec]=20IPsec=20maintenance/extension s=20WG,=20summary=20so=20far|References:=20<1696498986EFE C4D9153717DA325CB728D5AF2@vaebe104.NOE.Nokia.com> |In-Reply-To:=20<1696498986EFEC4D9153717DA325CB728D5AF2@v aebe104.NOE.Nokia.com>|Content-Type:=20text/plain=3B=20ch arset=3DISO-8859-15=3B=20format=3Dflowed |Content-Transfer-Encoding:=207bit|X-IronPort-AV:=20E=3DM cAfee=3Bi=3D"5100,188,5292"=3B=20a=3D"2841995"; bh=vo4H3AT/aoQEOjcNOw6S5dmmFn7uvRexhG2s+cTuLjU=; b=kzZVPV9rYaaFabBdBQRaoh+KGCcamz/JRZ7nVk7hGGOX5+uWHopx4JnF 9F8ziFltKl4YTSz+r5gjPnza7TGfY9t5FTz7JvMXBAn2Or6ZsztmA8dNN 6nZ6QYJqVnQrmnNsEiA6Y+nJ+hUQ5EApyXNeQyUShjouvQTrt4OmuR8Z3 w=;
X-IronPort-AV: E=McAfee;i="5100,188,5292"; a="2841995"
Received: from pdmz-ns-mip.qualcomm.com (HELO numenor.qualcomm.com) ([199.106.114.10]) by wolverine02.qualcomm.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 09 May 2008 12:20:41 -0700
Received: from msgtransport05.qualcomm.com (msgtransport05.qualcomm.com [129.46.61.150]) by numenor.qualcomm.com (8.14.2/8.14.2/1.0) with ESMTP id m49JKdn7027613 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Fri, 9 May 2008 12:20:39 -0700
Received: from [10.50.68.20] (qconnect-10-50-68-20.qualcomm.com [10.50.68.20]) by msgtransport05.qualcomm.com (8.14.2/8.14.2/1.0) with ESMTP id m49JKciQ027095 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Fri, 9 May 2008 12:20:39 -0700
Message-ID: <4824A40A.7040408@qualcomm.com>
Date: Fri, 09 May 2008 12:20:42 -0700
From: Lakshminath Dondeti <ldondeti@qualcomm.com>
User-Agent: Thunderbird 2.0.0.14 (Windows/20080421)
MIME-Version: 1.0
To: Pasi.Eronen@nokia.com
References: <1696498986EFEC4D9153717DA325CB728D5AF2@vaebe104.NOE.Nokia.com>
In-Reply-To: <1696498986EFEC4D9153717DA325CB728D5AF2@vaebe104.NOE.Nokia.com>
Cc: ipsec@ietf.org
Subject: Re: [IPsec] IPsec maintenance/extensions WG, summary so far
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: ipsec-bounces@ietf.org
Errors-To: ipsec-bounces@ietf.org
I will probably review the NAT related stuff as well, and in general might review most of the documents chartered anyway. Will contribute at least to the failover related stuff. At some point I was interested in the "use-IPsec" type of work, but I am not so sure it is really useful. The work on documenting differences in IPsec usage says something about this already. :) regards, Lakshminath On 5/7/2008 3:19 AM, Pasi.Eronen@nokia.com wrote: > List follows: > [R] Update to IKEv2 base specification (possible starting point: draft-hoffman-ikev2bis) > [R] IPsec document roadmap update (possible starting point: RFC 2411) > [R] Using AEAD algorithms in IKEv2 (possible starting point: draft-black-ipsec-ikev2-aead-modes) > [R] Redirecting a VPN client from one gateway to another (in a cluster of gateways) > > o IPsec "secure beacon", or detecting whether you need VPN or > not (possible starting point: draft-sheffer-ipsec-secure-beacon) > > o Detecting crashed peers faster (possible starting point: > draft-nir-ike-qcd) > [ECR] IKEv2 session resumption / optimizing IKEv2 handshake when connecting again to same peer/cluster of peers (possible starting point: draft-sheffer-ipsec-failover) > [R] Authentication-only IPsec that simplifies packet inspection > (possible starting points: draft-hoffman-esp-null-protocol, > draft-grewal-ipsec-traffic-visibility) > > o Better IPv6 configuration payloads (possible starting point: > draft-eronen-ipsec-ikev2-ipv6-config) > > o Other work for making sure IKEv1 and IKEv2 work as well as > possible with IPv6, both from standards and operations standpoint > (please specify more details if you select this one) > > o Running IPsec over TCP (so your VPN works even if the coffee > shop Wi-Fi has stupid packet filtering) > > o GSS-API (or Kerberos) authentication for IKEv2 > > o Non-EAP-based one-time password authentication (possible > starting point: draft-sunabhi-otp-ikev2) > > o Using GRE "key" header field as IPsec traffic selector (possible > starting point: draft-ma-softwire-ipsec-gre-demultiplexing-ps) > > o Authentication with Cryptographically Generated Addresses (CGA) > (possible starting point: draft-laganier-ike-ipv6-cga) > > o Guidelines for Mandating the Use of IPsec, for RFC430x IPsec > (possible starting point: draft-bellovin-useipsec) > > o Labeled IPsec for RFC 430x IPsec > > o IKEv1/IKEv2 co-existence and transition (please specify more > details if you select this one) > > o Setting up GRE tunnels with IKE (possible starting point: > draft-wu-l3vpn-ipsec-gre-00) > > o Connecting IKEv2 peers behind NATs via a "mediation server" > (possible starting point: draft-brunner-ikev2-mediation) > > o Anything that may be needed from IKE/IPsec with respect to > routing protocol security (please specify more details if > you select this one) > [CR] Documenting differences in IPsec usage in IETF vs. 3GPP vs. 3GPP2 vs. WiMAX vs. vendors etc. (please specify more details > if you select this one) > > o IKEv2 CAPTCHA > (possible starting point: draft-mutaf-spikev2-01.txt) > > Please reply (on the mailing list) within a week or so -- I will > then summarize what we have. > > Best regards, > Pasi > > --- > > P.S. It's good to note that we currently have several other WGs > working on IPsec: > > o BMWG: benchmarking IPsec devices > > o BTNS: unauthenticated or leap-of-faith IPsec, channel bindings, > IPsec APIs for applications (not key management daemons like > PF_KEY) > > o MEXT: interaction between IPsec and Mobile IP, Mobile IP > specific extensions to IPsec > > o MSEC: multicast IPsec > > o ROHC: header compression in IPsec tunnel mode SAs > > o SOFTWIRE: IPsec tunnels as a softwire, setting those up > based on BGP etc. > > These WGs will continue as-is, and e.g. any changes to their charters > are not in the scope of this discussion. Future work items could be > considered case-by-case, but the intent is *not* to collect all > IPsec-related work to one WG. > > --- > > P.P.S. Acknowledgement: if you followed how Julien Laganier and > Marcelo Bagnulo handled the MEXT WG rechartering recently, you'll > notice I have stolen some ideas from them :-) > _______________________________________________ > IPsec mailing list > IPsec@ietf.org > https://www.ietf.org/mailman/listinfo/ipsec > _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
- [IPsec] IPsec maintenance/extensions WG, summary … Pasi.Eronen
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Arnaud Ebalard
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Jari Arkko
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Dan Harkins
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Charlie Kaufman
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Vijay Devarapallli
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Vijay Devarapallli
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Nicolas Williams
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Dan McDonald
- Re: [IPsec] IPsec maintenance/extensions WG, summ… fan zhao
- Re: [IPsec] IPsec maintenance/extensions WG, summ… fan zhao
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Suresh Krishnan
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Lakshminath Dondeti
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Ana Kukec
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Hui Deng
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Andreas Steffen
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Kumar, Sunil
- Re: [IPsec] IPsec maintenance/extensions WG, summ… ma yc
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Grewal, Ken
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Yoav Nir
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Yoav Nir
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Yaron Sheffer
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Yoav Nir
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Yoav Nir
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Richard Barnes
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Yoav Nir
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Nicolas Williams
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Cheryl Madson
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Nicolas Williams
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Yingzhe Wu
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Yoav Nir
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Yoav Nir
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Pasi.Eronen
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Pasi.Eronen
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Pasi.Eronen
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Pasi.Eronen
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Pasi.Eronen
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Pasi.Eronen@nokia.com
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Richard Barnes
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Yoav Nir
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Hui Deng
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Nicolas Williams
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Nicolas Williams
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Jean-Michel Combes
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Pasi.Eronen
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Joy Latten
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Julien Laganier
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Julien Laganier
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Peng Yang
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Peng Yang