Re: [IPsec] Proposed wording for a revised charter

Victor Pascual Avila <victor.pascual.avila@oracle.com> Tue, 01 March 2016 17:07 UTC

Message-ID: <615bd04b-b000-4680-b755-f89e55a0daf0@default>
Date: Tue, 01 Mar 2016 09:07:46 -0800
From: Victor Pascual Avila <victor.pascual.avila@oracle.com>
Sender: Victor Pascual Avila <victor.pascual.avila@oracle.com>
To: Paul Hoffman <paul.hoffman@vpnc.org>, IPsecME WG <ipsec@ietf.org>
References: <82BDFE1B-EF80-49EA-BD47-4D77C5E812EA@vpnc.org>
In-Reply-To: <82BDFE1B-EF80-49EA-BD47-4D77C5E812EA@vpnc.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/ipsec/OHrlp-keHZbtD8rmIP4dZmKGzjU>
Subject: Re: [IPsec] Proposed wording for a revised charter

Shall we include firewall traversal/TCP encapsulation as part of the charter as discussed in draft-pauly-ipsecme-tcp-encaps?

Cheers,
-Victor

-----Original Message-----
From: Paul Hoffman [mailto:paul.hoffman@vpnc.org] 
Sent: 01 March 2016 17:18
To: IPsecME WG <ipsec@ietf.org>
Subject: [IPsec] Proposed wording for a revised charter

Greetings. We need to update our charter to reflect our current and expected work. Dave and I propose the following text. Please let us know within the next week if you have suggestions for changes.

--Paul Hoffman and Dave Waltermire


The IPsec suite of protocols includes IKEv1 (RFC 2409 and associated RFCs), IKEv2 (RFC 7296), and the IPsec security architecture (RFC 4301). IPsec is widely deployed in VPN gateways, VPN remote access clients, and as a substrate for host-to-host, host-to-network, and network-to-network security.

The IPsec Maintenance and Extensions Working Group continues the work of the earlier IPsec Working Group which was concluded in 2005. Its purpose is to maintain the IPsec standard and to facilitate discussion of clarifications, improvements, and extensions to IPsec, mostly to IKEv2. The working group also serves as a focus point for other IETF Working Groups who use IPsec in their own protocols.

The current work items include:

IKEv2 contains the cookie mechanism to protect against denial of service attacks. However this mechanism cannot protect an IKE end-point (typically, a large gateway) from "distributed denial of service", a coordinated attack by a large number of "bots". The working group will analyze the problem and propose a solution, by offering best practices and potentially by extending the protocol.

IKEv2 utilizes a number of cryptographic algorithms in order to provide security services. To support interoperability a number of mandatory-to-implement (MTI) algorithms are defined in RFC4307. There is interest in updating the MTIs in RFC4307 based on new algorithms, changes to the understood security strength of existing algorithms, and the degree of adoption of previously introduced algorithms. The group will revise RFC4307 proposing updates to the MTI algorithms used by IKEv2 to address these changes.

There is interest in supporting Curve25519 and Curve448 for ephemeral key exchange in the IKEv2 protocol. The group will extend the IKEv2 protocol to support key agreement using these curves and their related functions.

This charter will expire in August 2016. If the charter is not updated before that time, the WG will be closed and any remaining documents revert back to individual Internet-Drafts.



