S/mostly// Add IKE over tcp and DNS extensions for ikev2?

Sent from my iPhone

> On Mar 1, 2016, at 11:18, Paul Hoffman <paul.hoff...@vpnc.org> wrote:
>
> Greetings. We need to update our charter to reflect our current and expected
> work. Dave and I propose the following text. Please let us know within the
> next week if you have suggestions for changes.
>
> --Paul Hoffman and Dave Waltermire
>
>
> The IPsec suite of protocols includes IKEv1 (RFC 2409 and associated RFCs),
> IKEv2 (RFC 7296), and the IPsec security architecture (RFC 4301). IPsec is
> widely deployed in VPN gateways, VPN remote access clients, and as a
> substrate for host-to-host, host-to-network, and network-to-network
> security.
>
> The IPsec Maintenance and Extensions Working Group continues the work of
> the earlier IPsec Working Group which was concluded in 2005. Its purpose is
> to maintain the IPsec standard and to facilitate discussion of clarifications,
> improvements, and extensions to IPsec, mostly to IKEv2.
> The working group also serves as a focus point for other IETF Working Groups
> who use IPsec in their own protocols.
>
> The current work items include:
>
> IKEv2 contains the cookie mechanism to protect against denial of service
> attacks. However this mechanism cannot protect an IKE end-point (typically,
> a large gateway) from "distributed denial of service", a coordinated attack by
> a large number of "bots". The working group will analyze the problem and
> propose a solution, by offering best practices and potentially by extending
> the protocol.
>
> IKEv2 utilizes a number of cryptographic algorithms in order to provide
> security services. To support interoperability a number of
> mandatory-to-implement (MTI) algorithms are defined in RFC4307. There is
> interest in updating the MTIs in
> RFC4307 based on new algorithms, changes to the understood security
> strength of existing algorithms, and the degree of adoption of previously
> introduced algorithms. The group will revise RFC4307 proposing updates to
> the MTI algorithms used by IKEv2 to address these changes.
>
> There is interest in supporting Curve25519 and Curve448 for ephemeral key
> exchange in the IKEv2 protocol. The group will extend the
> IKEv2 protocol to support key agreement using these curves and their
> related functions.
>
> This charter will expire in August 2016. If the charter is not updated before
> that time, the WG will be closed and any remaining documents revert back to
> individual Internet-Drafts.
>
> _______________________________________________
> IPsec mailing list
> IPsec@ietf.org
> https://www.ietf.org/mailman/listinfo/ipsec