Some folks here might be interested in this draft, now in IETF Last Call. Do *not* send comments to the IPsecME mailing list; instead, follow the instructions in the last call below.
--Paul Hoffman > The IESG has received a request from the IP Performance Metrics WG (ippm) > to consider the following document: > - 'IKEv2-based Shared Secret Key for O/TWAMP' > <draft-ietf-ippm-ipsec-08.txt> as Proposed Standard > > The IESG plans to make a decision in the next few weeks, and solicits > final comments on this action. Please send substantive comments to the > [email protected] mailing lists by 2015-02-09. Exceptionally, comments may be > sent to [email protected] instead. In either case, please retain the > beginning of the Subject line to allow automated sorting. > > Abstract > > > The O/TWAMP security mechanism requires that both the client and > server endpoints possess a shared secret. Since the currently- > standardized O/TWAMP security mechanism only supports a pre-shared > key mode, large scale deployment of O/TWAMP is hindered > significantly. At the same time, recent trends point to wider IKEv2 > deployment which, in turn, calls for mechanisms and methods that > enable tunnel end-users, as well as operators, to measure one-way and > two- way network performance in a standardized manner. This document > describes the use of keys derived from an IKEv2 SA as the shared key > in O/TWAMP. If the shared key can be derived from the IKEv2 SA, O/ > TWAMP can support certificate-based key exchange, which would allow > for more operational flexibility and efficiency. The key derivation > presented in this document can also facilitate automatic key > management. > > > > > The file can be obtained via > http://datatracker.ietf.org/doc/draft-ietf-ippm-ipsec/ > > IESG discussion can be tracked via > http://datatracker.ietf.org/doc/draft-ietf-ippm-ipsec/ballot/ > > > No IPR declarations have been submitted directly on this I-D. > > _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
