[IPsec] Charter update
Yaron Sheffer <yaronf.ietf@gmail.com> Sat, 19 July 2014 16:48 UTC
Message-ID: <53CAA14C.80301@gmail.com>
Date: Sat, 19 Jul 2014 19:48:12 +0300
From: Yaron Sheffer <yaronf.ietf@gmail.com>
To: IPsecME WG <ipsec@ietf.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/ipsec/cHVti55YV4tR8JQfeK7LQxwLZpA

Our existing charter (http://tools.ietf.org/wg/ipsecme/charters) is badly out of date. Below is a proposed charter revision. Please review and comment on the list. We might also discuss the new charter in the face-to-face next week.

Thanks,
Paul and Yaron

IP Security Maintenance and Extensions (ipsecme)
------------------------------------------------

Charter
Current Status: Active

Chairs:
  Paul E. Hoffman <paul.hoffman@vpnc.org>
  Yaron Sheffer <yaronf.ietf@gmail.com>

Security Area Directors:
  Stephen Farrell <stephen.farrell@cs.tcd.ie>
  Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>

Security Area Advisor:
  Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>

Mailing Lists:
  General Discussion: ipsec@ietf.org
  To Subscribe: https://www.ietf.org/mailman/listinfo/ipsec
  Archive: http://www.ietf.org/mail-archive/web/ipsec/

Description of Working Group:

The IPsec suite of protocols includes IKEv1 (RFC 2409
and associated RFCs), IKEv2 (RFC 5996), and the IPsec
security architecture (RFC 4301). IPsec is widely
deployed in VPN gateways, VPN remote access clients,
and as a substrate for host-to-host, host-to-network,
and network-to-network security.

The IPsec Maintenance and Extensions Working Group
continues the work of the earlier IPsec Working Group
which was concluded in 2005. Its purpose is to maintain
the IPsec standard and to facilitate discussion of
clarifications, improvements, and extensions to IPsec,
mostly to IKEv2. The working group also serves as a
focus point for other IETF Working Groups who use IPsec
in their own protocols.

The current work items include:

Recently discovered incorrect behavior of ISPs poses a
challenge to IKE, whose UDP messages (especially #3 and #4)
sometimes get fragmented at the IP level and then dropped
by these ISPs. There is interest in solving this issue by
allowing transport of IKE over TCP; this is currently
implemented by some vendors. The group will standardize such
a solution.

The WG will review and revise the list of
mandatory-to-implement algorithms for ESP and AH based on
five years of experience with newer algorithms and
cryptographic modes.

The WG will revise the IKEv2 specification with a small number
of mandatory tests required for the secure operation of IKEv2
when using elliptic curve cryptography. This work will be based
on draft-sheffer-ipsecme-dh-checks.

IKEv2 has had many interoperable implementations and can now be considered
a mature protocol. The WG will republish the protocol as an Internet Standard.

At the time of writing, all the above are in late stages of the IETF process.
Therefore, the WG will go into low-power mode: it will remain active as a focal point
for the IPsec community. But it will only take on new work items if a strong community
interest can be seen.

This charter will expire in July 2015 (12 months from approval).
If the charter is not updated before that time, the WG will be
closed and any remaining documents revert back to individual
Internet-Drafts.

Goals and Milestones:

Done - IETF Last Call on large scale VPN use cases and requirements
Done - IETF last call on IKE fragmentation solution
Done - IETF last call on new mandatory-to-implement algorithms
[No current milestones]