|
IPsec folks, Our existing charter (http://tools.ietf.org/wg/ipsecme/charters) is badly out of date. Below is a proposed charter revision. Please review and comment on the list. We might also discuss the new charter in the face-to-face next week. Thanks, Paul and Yaron IP Security Maintenance and Extensions (ipsecme) ------------------------------------------------ Charter Current Status: Active Chairs: Paul E. Hoffman <[email protected]> Yaron Sheffer <[email protected]> Security Area Directors: Stephen Farrell <[email protected]> Kathleen Moriarty <[email protected]> Security Area Advisor: Kathleen Moriarty <[email protected]> Mailing Lists: General Discussion: [email protected] To Subscribe: https://www.ietf.org/mailman/listinfo/ipsec Archive: http://www.ietf.org/mail-archive/web/ipsec/ Description of Working Group: The IPsec suite of protocols includes IKEv1 (RFC 2409 and associated RFCs), IKEv2 (RFC 5996), and the IPsec security architecture (RFC 4301). IPsec is widely deployed in VPN gateways, VPN remote access clients, and as a substrate for host-to-host, host-to-network, and network-to-network security. The IPsec Maintenance and Extensions Working Group continues the work of the earlier IPsec Working Group which was concluded in 2005. Its purpose is to maintain the IPsec standard and to facilitate discussion of clarifications, improvements, and extensions to IPsec, mostly to IKEv2. The working group also serves as a focus point for other IETF Working Groups who use IPsec in their own protocols. The current work items include: Recently discovered incorrect behavior of ISPs poses a challenge to IKE, whose UDP messages (especially #3 and #4) sometimes get fragmented at the IP level and then dropped by these ISPs. There is interest in solving this issue by allowing transport of IKE over TCP; this is currently implemented by some vendors. The group will standardize such a solution. The WG will review and revise the list of mandatory-to- implement algorithms for ESP and AH based on five years of experience with newer algorithms and cryptographic modes. The WG will revise the IKEv2 specification with a small number of mandatory tests required for the secure operation of IKEv2 when using elliptic curve cryptography. This work will be based on draft-sheffer-ipsecme-dh-checks. IKEv2 has had many interoperable implementations and can now be considered a mature protocol. The WG will republish the protocol as an Internet Standard. At the time of writing, all the above are in late stages of the IETF process. Therefore, the WG will go into low-power mode: it will remain active as a focal point for the IPsec community. But it will only take on new work items if a strong community interest can be seen. This charter will expire in July 2015 (12 months from approval). If the charter is not updated before that time, the WG will be closed and any remaining documents revert back to individual Internet-Drafts. Goals and Milestones: Done - IETF Last Call on large scale VPN use cases and requirements Done - IETF last call on IKE fragmentation solution Done - IETF last call on new mandatory-to-implement algorithms [No current milestones] |
_______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
