Re: [IPsec] Proposed wording for a revised charter

Daniel Migault <daniel.migault@ericsson.com> Mon, 07 March 2016 15:23 UTC

To: Tommy Pauly <tpauly@apple.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/ipsec/qjaLeas9AZjZ-ZAksmC5yhF-z4g>
Cc: IPsecME WG <ipsec@ietf.org>, Paul Wouters <paul@nohats.ca>, Paul Hoffman <paul.hoffman@vpnc.org>

On Fri, Mar 4, 2016 at 5:05 PM, Tommy Pauly <tpauly@apple.com> wrote:

> I would also like to see the draft for TCP encapsulation added as an item,
> since we’ve gotten a fair amount of support for it.


I am supporting this item.


> For the purposes of the charter, it may be good to have a broader
> explanation of the goal—something to the effect that the working group
> should focus on making sure that IKEv2 can be deployed more universally by
> taking into account limitations of various networks. Previous RFCs like IKE
> fragmentation have contributed to this; TCP encapsulation tries to solve
> another set of problematic networks; and we can imagine that there may be
> more to investigate, such as taking into account the limitations and
> requirements of IoT networks, etc.
>
> Tommy
>
> > On Mar 1, 2016, at 12:32 PM, Paul Wouters <paul@nohats.ca> wrote:
> >
> > S/mostly//
> >
> > Add IKE over tcp and DNS extensions for ikev2?
> >
> > Sent from my iPhone
> >
> >> On Mar 1, 2016, at 11:18, Paul Hoffman <paul.hoffman@vpnc.org> wrote:
> >>
> >> Greetings. We need to update our charter to reflect our current and
> >> expected work. Dave and I propose the following text. Please let us know
> >> within the next week if you have suggestions for changes.
> >>
> >> --Paul Hoffman and Dave Waltermire
> >>
> >>
> >> The IPsec suite of protocols includes IKEv1 (RFC 2409 and associated RFCs),
> >> IKEv2 (RFC 7296), and the IPsec security architecture (RFC 4301). IPsec is
> >> widely deployed in VPN gateways, VPN remote access clients, and as a
> >> substrate for host-to-host, host-to-network, and network-to-network
> >> security.
> >>
> >> The IPsec Maintenance and Extensions Working Group continues the work of
> >> the earlier IPsec Working Group which was concluded in 2005. Its purpose is
> >> to maintain the IPsec standard and to facilitate discussion of clarifications,
> >> improvements, and extensions to IPsec, mostly to IKEv2.
> >> The working group also serves as a focus point for other IETF Working Groups
> >> who use IPsec in their own protocols.
> >>
> >> The current work items include:
> >>
> >> IKEv2 contains the cookie mechanism to protect against denial of service
> >> attacks. However this mechanism cannot protect an IKE end-point (typically,
> >> a large gateway) from "distributed denial of service", a coordinated attack by
> >> a large number of "bots". The working group will analyze the problem and
> >> propose a solution, by offering best practices and potentially by extending
> >> the protocol.
> >>
> >> IKEv2 utilizes a number of cryptographic algorithms in order to provide
> >> security services. To support interoperability a number of
> >> mandatory-to-implement (MTI) algorithms are defined in RFC4307. There is
> >> interest in updating the MTIs in
> >> RFC4307 based on new algorithms, changes to the understood security
> >> strength of existing algorithms, and the degree of adoption of previously
> >> introduced algorithms. The group will revise RFC4307 proposing updates to
> >> the MTI algorithms used by IKEv2 to address these changes.
> >>
> >> There is interest in supporting Curve25519 and Curve448 for ephemeral key
> >> exchange in the IKEv2 protocol. The group will extend the
> >> IKEv2 protocol to support key agreement using these curves and their
> >> related functions.
> >>
> >> This charter will expire in August 2016. If the charter is not updated before
> >> that time, the WG will be closed and any remaining documents revert back to
> >> individual Internet-Drafts.
> >>
> >>
> >>
> >>
> >> _______________________________________________
> >> IPsec mailing list
> >> IPsec@ietf.org
> >> https://www.ietf.org/mailman/listinfo/ipsec