[saag] IPsecME WG at IETF 85

Paul Hoffman <paul.hoffman@vpnc.org> Thu, 08 November 2012 18:08 UTC

Return-Path: <paul.hoffman@vpnc.org>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6CCFD21F84FC for <saag@ietfa.amsl.com>; Thu, 8 Nov 2012 10:08:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bCeIeUJprjaQ for <saag@ietfa.amsl.com>; Thu, 8 Nov 2012 10:08:08 -0800 (PST)
Received: from hoffman.proper.com (IPv6.Hoffman.Proper.COM [IPv6:2605:8e00:100:41::81]) by ietfa.amsl.com (Postfix) with ESMTP id D1EE521F84D5 for <saag@ietf.org>; Thu, 8 Nov 2012 10:08:07 -0800 (PST)
Received: from dhcp-6045.meeting.ietf.org (dhcp-6045.meeting.ietf.org [130.129.96.69]) (authenticated bits=0) by hoffman.proper.com (8.14.5/8.14.5) with ESMTP id qA8I83g5018992 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO) for <saag@ietf.org>; Thu, 8 Nov 2012 11:08:06 -0700 (MST) (envelope-from paul.hoffman@vpnc.org)
From: Paul Hoffman <paul.hoffman@vpnc.org>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Message-Id: <3C203CA9-F846-43C6-BD7E-83B33EAFF004@vpnc.org>
Date: Thu, 8 Nov 2012 13:08:06 -0500
To: IETF Security Area Advisory Group <saag@ietf.org>
Mime-Version: 1.0 (Mac OS X Mail 6.2 \(1499\))
X-Mailer: Apple Mail (2.1499)
Subject: [saag] IPsecME WG at IETF 85
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Nov 2012 18:08:08 -0000

The ad hoc VPN problem statement and scenarios document has stalled, waiting for the authors to do a revision to meet comments from WG Last Call. Once that happens, we'll verify that the document covers all the outstanding comments and send it to the AD for IETF Last Call.

The WG's other main document, running IKE over TCP, has gotten some comments, particularly about NATs.

The ECDSA design team sent their report to the mailing list, and a draft will emerge soon.

There was a discussion of replacing the RSA raw public key with a new certificate type that handles other types of non-certificate key containers.

Dave McGrew presented his update to RFC 4835. The WG was interested in the topic and will likely adopt this as a new WG work item.

There were presentations on changes or profiles to IKEv2 to make it smaller and easier to implement.

We heard presentations on a couple of drafts that will most likely not appear in the WG on multi-path IPsec, MIF security requirements, and an operational issue with leakage over IPv6.

--Paul Hoffman