Greetings. We need to update our charter to reflect our current and
expected work. Dave and I propose the following text. Please let us know
within the next week if you have suggestions for changes.
--Paul Hoffman and Dave Waltermire
The IPsec suite of protocols includes IKEv1 (RFC 2409 and associated
RFCs),
IKEv2 (RFC 7296), and the IPsec security architecture (RFC 4301). IPsec
is
widely deployed in VPN gateways, VPN remote access clients, and as a
substrate for host-to-host, host-to-network, and network-to-network
security.
The IPsec Maintenance and Extensions Working Group continues the work of
the earlier IPsec Working Group which was concluded in 2005. Its purpose
is
to maintain the IPsec standard and to facilitate discussion of
clarifications,
improvements, and extensions to IPsec, mostly to IKEv2.
The working group also serves as a focus point for other IETF Working
Groups
who use IPsec in their own protocols.
The current work items include:
IKEv2 contains the cookie mechanism to protect against denial of service
attacks. However this mechanism cannot protect an IKE end-point
(typically,
a large gateway) from "distributed denial of service", a coordinated
attack by
a large number of "bots". The working group will analyze the problem and
propose a solution, by offering best practices and potentially by
extending
the protocol.
IKEv2 utilizes a number of cryptographic algorithms in order to provide
security services. To support interoperability a number of mandatory-to-
implement (MTI) algorithms are defined in RFC4307. There is interest in
updating the MTIs in
RFC4307 based on new algorithms, changes to the understood security
strength of existing algorithms, and the degree of adoption of
previously
introduced algorithms. The group will revise RFC4307 proposing updates
to
the MIT algorithms used by IKEv2 to address these changes.
There is interest in supporting Curve25519 and Curve448 for ephemeral
key
exchange in the IKEv2 protocol. The group will extend the
IKEv2 protocol to support key agreement using these curves and their
related functions.
This charter will expire in August 2016. If the charter is not updated
before
that time, the WG will be closed and any remaining documents revert back
to
individual Internet-Drafts.
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
