Re: [IPsec] IPsec maintenance/extensions WG, summary so far

Jari Arkko <jari.arkko@piuha.net> Wed, 07 May 2008 12:20 UTC


Pasi,

The ones that I actually personally care about:

> [R] o  Update to IKEv2 base specification (possible starting point:
>    draft-hoffman-ikev2bis)
>
> [CR] o  Better IPv6 configuration payloads (possible starting point:
>    draft-eronen-ipsec-ikev2-ipv6-config)
>
> [R] o  Guidelines for Mandating the Use of IPsec, for RFC430x IPsec
>    (possible starting point: draft-bellovin-useipsec)
>   

The following were also mildly interesting; I wouldn't mind if the WG
did them:

> o  IPsec document roadmap update (possible starting point: RFC 2411)
>
> o  Using AEAD algorithms in IKEv2 (possible starting point:
>    draft-black-ipsec-ikev2-aead-modes)
>
> o  Redirecting a VPN client from one gateway to another
>    (in a cluster of gateways)
>
> o  IPsec "secure beacon", or detecting whether you need VPN or 
>    not (possible starting point: draft-sheffer-ipsec-secure-beacon)
>
> o  Detecting crashed peers faster (possible starting point:
>    draft-nir-ike-qcd)
>
> o  IKEv2 session resumption / optimizing IKEv2 handshake when 
>    connecting again to same peer/cluster of peers (possible 
>    starting point: draft-sheffer-ipsec-failover)
>
> o  Authentication-only IPsec that simplifies packet inspection
>    (possible starting points: draft-hoffman-esp-null-protocol,
>    draft-grewal-ipsec-traffic-visibility)
>
> o  Using GRE "key" header field as IPsec traffic selector (possible 
>    starting point: draft-ma-softwire-ipsec-gre-demultiplexing-ps)
>
> o  Authentication with Cryptographically Generated Addresses (CGA)
>    (possible starting point: draft-laganier-ike-ipv6-cga)
>
> o  Setting up GRE tunnels with IKE (possible starting point:
>    draft-wu-l3vpn-ipsec-gre-00)
>

Then again, much of the above is extensions, rather than fixing bugs &
revising brokenness. The latter should have priority. Is IKEv2 the only
thing that has issues in that regard?

Jari
