On Fri, Mar 4, 2016 at 5:05 PM, Tommy Pauly <[email protected]> wrote:
> I would also like to see the draft for TCP encapsulation added as an item,
> since we’ve gotten a fair amount of support for it.

I am supporting this item.

> For the purposes of the charter, it may be good to have a broader
> explanation of the goal—something to the effect that the working group
> should focus on making sure that IKEv2 can be deployed more universally by
> taking into account limitations of various networks. Previous RFCs like IKE
> fragmentation have contributed to this; TCP encapsulation tries to solve
> another set of problematic networks; and we can imagine that there may be
> more to investigate, such as taking into account the limitations and
> requirements of IoT networks, etc.
>
> Tommy
>
>
> On Mar 1, 2016, at 12:32 PM, Paul Wouters <[email protected]> wrote:
> >
> > S/mostly//
> >
> > Add IKE over tcp and DNS extensions for ikev2?
> >
> > Sent from my iPhone
> >
> >> On Mar 1, 2016, at 11:18, Paul Hoffman <[email protected]> wrote:
> >>
> >> Greetings. We need to update our charter to reflect our current and
> >> expected work. Dave and I propose the following text. Please let us
> >> know within the next week if you have suggestions for changes.
> >>
> >> --Paul Hoffman and Dave Waltermire
> >>
> >>
> >> The IPsec suite of protocols includes IKEv1 (RFC 2409 and associated
> >> RFCs), IKEv2 (RFC 7296), and the IPsec security architecture (RFC 4301).
> >> IPsec is widely deployed in VPN gateways, VPN remote access clients,
> >> and as a substrate for host-to-host, host-to-network, and
> >> network-to-network security.
> >>
> >> The IPsec Maintenance and Extensions Working Group continues the work of
> >> the earlier IPsec Working Group which was concluded in 2005. Its purpose
> >> is to maintain the IPsec standard and to facilitate discussion of
> >> clarifications, improvements, and extensions to IPsec, mostly to IKEv2.
> >> The working group also serves as a focus point for other IETF Working
> >> Groups who use IPsec in their own protocols.
> >>
> >> The current work items include:
> >>
> >> IKEv2 contains the cookie mechanism to protect against denial of service
> >> attacks. However this mechanism cannot protect an IKE end-point
> >> (typically, a large gateway) from "distributed denial of service", a
> >> coordinated attack by a large number of "bots". The working group will
> >> analyze the problem and propose a solution, by offering best practices
> >> and potentially by extending the protocol.
> >>
> >> IKEv2 utilizes a number of cryptographic algorithms in order to provide
> >> security services. To support interoperability a number of
> >> mandatory-to-implement (MTI) algorithms are defined in RFC4307. There is
> >> interest in updating the MTIs in RFC4307 based on new algorithms,
> >> changes to the understood security strength of existing algorithms, and
> >> the degree of adoption of previously introduced algorithms. The group
> >> will revise RFC4307 proposing updates to the MTI algorithms used by
> >> IKEv2 to address these changes.
> >>
> >> There is interest in supporting Curve25519 and Curve448 for ephemeral
> >> key exchange in the IKEv2 protocol. The group will extend the IKEv2
> >> protocol to support key agreement using these curves and their related
> >> functions.
> >>
> >> This charter will expire in August 2016. If the charter is not updated
> >> before that time, the WG will be closed and any remaining documents
> >> revert back to individual Internet-Drafts.
> >>
> >> _______________________________________________
> >> IPsec mailing list
> >> [email protected]
> >> https://www.ietf.org/mailman/listinfo/ipsec
