Re: [IPsec] IPsec maintenance/extensions WG, summary so far
"ma yc" <ycma610103@gmail.com> Mon, 12 May 2008 15:01 UTC
Return-Path: <ipsec-bounces@ietf.org>
X-Original-To: ipsec-archive@megatron.ietf.org
Delivered-To: ietfarch-ipsec-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D3E703A6AF6; Mon, 12 May 2008 08:01:39 -0700 (PDT)
X-Original-To: ipsec@core3.amsl.com
Delivered-To: ipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id AA7C43A6AF6 for <ipsec@core3.amsl.com>; Mon, 12 May 2008 08:01:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gPN-BQdkVj7T for <ipsec@core3.amsl.com>; Mon, 12 May 2008 08:01:36 -0700 (PDT)
Received: from ti-out-0910.google.com (ti-out-0910.google.com [209.85.142.189]) by core3.amsl.com (Postfix) with ESMTP id 3FC8A3A6AB4 for <ipsec@ietf.org>; Mon, 12 May 2008 08:01:34 -0700 (PDT)
Received: by ti-out-0910.google.com with SMTP id a6so1055093tib.25 for <ipsec@ietf.org>; Mon, 12 May 2008 08:01:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; bh=FfXjDAN64WqDAWLpEyHe/UCkfFVWji4I3r6G6jXzwi4=; b=IVDTuSY+ilq5lpN6jwOk91DeJOCbqqQDvuF+cndGPf68IqEMnuhjqx9lxGJ1+jR5u50X5ZRCmvZQhsl3qb7nr2/owCIew6XDkkK9WJGBxCYtUF/hZ/2yWm+K7l9nF4lLfGLCW2fPFvEa7A6jTyT3jVjTh72XkFImmb4zwpUBnag=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=ugTLSWwcVRiBE4rZNr2Fh6J3yWNZ79R3UjcPaCqX2W+lfgw1R8ZyGWYk7o54vT2cgFjBY7AgP/pnVul+oUXV84+Gbck6jJvfrOuq+5j6ljh2vLZfOVdk8HkEo5V90/Wo2nuHzzQzCRcew7i0HfeFNtzg/MVrhiJTEuie+4h1U3c=
Received: by 10.110.8.5 with SMTP id 5mr811670tih.3.1210604478750; Mon, 12 May 2008 08:01:18 -0700 (PDT)
Received: by 10.110.90.18 with HTTP; Mon, 12 May 2008 08:01:18 -0700 (PDT)
Message-ID: <e360024e0805120801w2d2e7549w4417056c1994d849@mail.gmail.com>
Date: Mon, 12 May 2008 23:01:18 +0800
From: ma yc <ycma610103@gmail.com>
To: ipsec@ietf.org
MIME-Version: 1.0
Content-Disposition: inline
Subject: Re: [IPsec] IPsec maintenance/extensions WG, summary so far
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://www.ietf.org/mailman/private/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: ipsec-bounces@ietf.org
Errors-To: ipsec-bounces@ietf.org
Hi Parsi, I would like to participate the following items. [ECR] o Using GRE "key" header field as IPsec traffic selector (possible starting point: draft-ma-softwire-ipsec-gre-demultiplexing-ps) [ECR] o Setting up GRE tunnels with IKE (possible starting point: draft-wu-l3vpn-ipsec-gre-00) [R] o Non-EAP-based one-time password authentication (possible starting point: draft-sunabhi-otp-ikev2) [R] o IKEv2 session resumption / optimizing IKEv2 handshake when connecting again to same peer/cluster of peers (possible starting point: draft-sheffer-ipsec-failover) Regards Yuanchen > On Wed, May 7, 2008 3:19 am, Pasi.Eronen@nokia.com wrote: > > So far, we've had ~20 people who've expressed some form of support > > for creating a WG. This is good -- many current WGs have less than 20 > > people who regularly post to the WG mailing list. > > > > However, by my count, we've also had ~20 proposals for work items. > > That obviously does not add up. > > > > I agree with Paul's comment about the WG scope: the WG should work > > on things where having a WG is really needed, and we actually have a > > *group* of people interested on participating. > > > > Having a WG should not encourage people to develop extensions that > > would not have happened in the absence of a WG (this usually indicates > > they're not widely needed). For some work items that have been > > proposed, an individual draft is IMHO a more appropriate process > > mechanism, and forming a WG would not automatically prevent > > publication of non-WG documents the WG decided not to take. > > > > To get some idea on what work items we have most interest in, I've > > collected those proposed so far (with some things vendors are known to > > do in proprietary ways thrown in). > > > > Please select the items you think the WG should work on (less than > > ten, please), order them most important first, and for each item, > > indicate what you're willing to do: > > > > [E]dit: you're willing to edit the draft corresponding to the work > > item (note: even if we use an individual draft as a starting point, > > this does not automatically determine the editor of the WG item) > > > > [C]ontribute: you're willing to propose non-trivial amounts of > > text for the document during its development > > > > [R]eview: you're willing to review new revisions of the draft > > regularly (not just during WGLC) > > > > For example, > > > > [CR] AEAD algorithms in IKEv2 > > [R] IPsec document roadmap update > > > > would mean that AEAD algorithms is your first priority, and you > > volunteer to contribute and review; and IPsec document roadmap is > > your second priority, and you volunteer to review. > > > > You can also propose a work item that isn't on my list. > > However, for the time being, I think PF_KEY work does not fit > > within the scope of the possible WG charter. > > > > List follows: > > > > o Update to IKEv2 base specification (possible starting point: > > draft-hoffman-ikev2bis) > > > > o IPsec document roadmap update (possible starting point: RFC 2411) > > > > o Using AEAD algorithms in IKEv2 (possible starting point: > > draft-black-ipsec-ikev2-aead-modes) > > > > o Redirecting a VPN client from one gateway to another > > (in a cluster of gateways) > > > > o IPsec "secure beacon", or detecting whether you need VPN or > > not (possible starting point: draft-sheffer-ipsec-secure-beacon) > > > > o Detecting crashed peers faster (possible starting point: > > draft-nir-ike-qcd) > > > > o IKEv2 session resumption / optimizing IKEv2 handshake when > > connecting again to same peer/cluster of peers (possible > > starting point: draft-sheffer-ipsec-failover) > > > > o Authentication-only IPsec that simplifies packet inspection > > (possible starting points: draft-hoffman-esp-null-protocol, > > draft-grewal-ipsec-traffic-visibility) > > > > o Better IPv6 configuration payloads (possible starting point: > > draft-eronen-ipsec-ikev2-ipv6-config) > > > > o Other work for making sure IKEv1 and IKEv2 work as well as > > possible with IPv6, both from standards and operations standpoint > > (please specify more details if you select this one) > > > > o Running IPsec over TCP (so your VPN works even if the coffee > > shop Wi-Fi has stupid packet filtering) > > > > o GSS-API (or Kerberos) authentication for IKEv2 > > > > o Non-EAP-based one-time password authentication (possible > > starting point: draft-sunabhi-otp-ikev2) > > > > o Using GRE "key" header field as IPsec traffic selector (possible > > starting point: draft-ma-softwire-ipsec-gre-demultiplexing-ps) > > > > o Authentication with Cryptographically Generated Addresses (CGA) > > (possible starting point: draft-laganier-ike-ipv6-cga) > > > > o Guidelines for Mandating the Use of IPsec, for RFC430x IPsec > > (possible starting point: draft-bellovin-useipsec) > > > > o Labeled IPsec for RFC 430x IPsec > > > > o IKEv1/IKEv2 co-existence and transition (please specify more > > details if you select this one) > > > > o Setting up GRE tunnels with IKE (possible starting point: > > draft-wu-l3vpn-ipsec-gre-00) > > > > o Connecting IKEv2 peers behind NATs via a "mediation server" > > (possible starting point: draft-brunner-ikev2-mediation) > > > > o Anything that may be needed from IKE/IPsec with respect to > > routing protocol security (please specify more details if > > you select this one) > > > > o Documenting differences in IPsec usage in IETF vs. 3GPP vs. > > 3GPP2 vs. WiMAX vs. vendors etc. (please specify more details > > if you select this one) > > > > o IKEv2 CAPTCHA > > (possible starting point: draft-mutaf-spikev2-01.txt) > > > > Please reply (on the mailing list) within a week or so -- I will > > then summarize what we have. > > > > Best regards, > > Pasi > > > > --- > > > > P.S. It's good to note that we currently have several other WGs > > working on IPsec: > > > > o BMWG: benchmarking IPsec devices > > > > o BTNS: unauthenticated or leap-of-faith IPsec, channel bindings, > > IPsec APIs for applications (not key management daemons like > > PF_KEY) > > > > o MEXT: interaction between IPsec and Mobile IP, Mobile IP > > specific extensions to IPsec > > > > o MSEC: multicast IPsec > > > > o ROHC: header compression in IPsec tunnel mode SAs > > > > o SOFTWIRE: IPsec tunnels as a softwire, setting those up > > based on BGP etc. > > > > These WGs will continue as-is, and e.g. any changes to their charters > > are not in the scope of this discussion. Future work items could be > > considered case-by-case, but the intent is *not* to collect all > > IPsec-related work to one WG. > > > > --- > > > > P.P.S. Acknowledgement: if you followed how Julien Laganier and > > Marcelo Bagnulo handled the MEXT WG rechartering recently, you'll > > notice I have stolen some ideas from them :-) > > _______________________________________________ > > IPsec mailing list > > IPsec@ietf.org > > https://www.ietf.org/mailman/listinfo/ipsec > > _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
- [IPsec] IPsec maintenance/extensions WG, summary … Pasi.Eronen
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Arnaud Ebalard
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Jari Arkko
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Dan Harkins
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Charlie Kaufman
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Vijay Devarapallli
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Vijay Devarapallli
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Nicolas Williams
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Dan McDonald
- Re: [IPsec] IPsec maintenance/extensions WG, summ… fan zhao
- Re: [IPsec] IPsec maintenance/extensions WG, summ… fan zhao
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Suresh Krishnan
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Lakshminath Dondeti
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Ana Kukec
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Hui Deng
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Andreas Steffen
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Kumar, Sunil
- Re: [IPsec] IPsec maintenance/extensions WG, summ… ma yc
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Grewal, Ken
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Yoav Nir
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Yoav Nir
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Yaron Sheffer
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Yoav Nir
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Yoav Nir
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Richard Barnes
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Yoav Nir
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Nicolas Williams
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Cheryl Madson
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Nicolas Williams
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Yingzhe Wu
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Yoav Nir
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Yoav Nir
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Pasi.Eronen
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Pasi.Eronen
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Pasi.Eronen
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Pasi.Eronen
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Pasi.Eronen
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Pasi.Eronen@nokia.com
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Richard Barnes
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Yoav Nir
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Hui Deng
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Nicolas Williams
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Nicolas Williams
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Jean-Michel Combes
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Pasi.Eronen
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Joy Latten
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Julien Laganier
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Julien Laganier
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Peng Yang
- Re: [IPsec] IPsec maintenance/extensions WG, summ… Peng Yang