Re: [IPsec] Agenda for IETF 100
Don't forget to add this as a BoF: https://www.youtube.com/watch?v=FoUWHfh733Y :)

X

On Fri, 27 Oct 2017, Daniel Migault wrote:

We support the proposals and will publish the updated documents regarding diet-esp and its associated IKEv2 extension. We believe draft-mglt-ipsecme-diet-esp and draft-ipsecme-ikev2-extention could be a good starting point. The proposed text for the charter could be:

A growing number of use cases for constraint network - but not limited to - have shown interest in reducing ESP overhead by compressing ESP fields. The WG will define extensions of ESP and IKEv2 to enable ESP header compression. draft-mglt-ipsecme-diet-esp and draft-mglt-ipsecme-ikev2-extention are expected to be good starting points.

Yours,
Daniel

On Fri, Oct 27, 2017 at 12:33 PM, Tommy Pauly wrote:

+ 1 to these proposals

I'd also like to see the work on drafts like DIET-ESP (draft-mglt-ipsecme-diet-esp-04) be incorporated. I think we'll have some growing use cases for IPsec in constrained networks, and as that develops, extensions and modifications to the protocol to make IKEv2 and ESP work efficiently in those conditions will be necessary. (These would likely fall into the host-to-host use case described in the charter.)

Thanks,
Tommy

> On Oct 27, 2017, at 7:51 AM, Valery Smyslov wrote:
>
> Hi,
>
> I think that the following items can be considered for the new charter.
>
> 1. Develop load sharing cluster solution for IKEv2/IPsec. The possible charter text:
>
> MOBIKE protocol [RFC4555] is used to move existing
> IKE/IPsec SA from one IP address to another. However,
> in MOBIKE it is the initiator of the IKE SA (i.e. remote access client)
> that controls this process. If there are several responders
> each having own IP address and acting together as a load sharing cluster,
> then it is desirable for them to have ability to request initiator to switch to
> a particular member. The working group will analyze the possibility
> to extend MOBIKE protocol or to develop new IKE extension
> that will allow to build load sharing clusters in an interoperable way.
>
> 2. Make IKEv2 Postquantum Cryptography ready. In particular - make it
> able to transfer large payloads in initial exchange without having
> IP fragmentation issues. The possible charter text:
>
> Postquantum Cryptography brings new key exchange methods.
> Most of these methods that are known to date have much larger public
> keys than conventional Diffie-Hellman public keys. Direct using
> these methods in IKEv2 might lead to a number of problems
> due to the increased size of initial IKEv2 messages. The working group will
> analyze the possible problems and develop a solution, that will
> make adding Postquantum key exchange methods more easy.
>
> Regards,
> Valery.
>
>
>> We will be meeting at Monday morning 09:30-11:00 for 1.5 hours. Our
>> main agenda item will be the rechartering text, i.e., our charter will
>> expire by the end of year, and we have most of our chartered work
>> already completed, or almost finished, so we need to decide what new
>> items (if any) we take to our charter, or whether we shut down the WG.
>>
>> In last IETF we had people with items which we could add to charter,
>> so I want those people wanting to add things to charter to send an
>> email to the mailing list about what items they would like to propose
>> to the charter, and preliminary charter text for the item.
>>
>> If we do not receive any proposed charter texts, then I assume we do
>> not have any more work to do after we finish our current charter...
>>
>> Also if there are people wanting to present anything in the next
>> IPsecME IETF session, send email to wg chairs ipsecme-cha...@ietf.org.
>> --
>> kivi...@iki.fi

___
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
Re: [IPsec] Agenda for IETF 100
We support the proposals and will publish the updated documents regarding diet-esp and its associated IKEv2 extension. We believe draft-mglt-ipsecme-diet-esp and draft-ipsecme-ikev2-extention could be a good starting point. The proposed text for the charter could be:

A growing number of use cases for constraint network - but not limited to - have shown interest in reducing ESP overhead by compressing ESP fields. The WG will define extensions of ESP and IKEv2 to enable ESP header compression. draft-mglt-ipsecme-diet-esp and draft-mglt-ipsecme-ikev2-extention are expected to be good starting points.

Yours,
Daniel

On Fri, Oct 27, 2017 at 12:33 PM, Tommy Pauly wrote:

> + 1 to these proposals
>
> I'd also like to see the work on drafts like DIET-ESP
> (draft-mglt-ipsecme-diet-esp-04) be incorporated. I think we'll have some
> growing use cases for IPsec in constrained networks, and as that develops,
> extensions and modifications to the protocol to make IKEv2 and ESP work
> efficiently in those conditions will be necessary. (These would likely fall
> into the host-to-host use case described in the charter.)
>
> Thanks,
> Tommy
>
> > On Oct 27, 2017, at 7:51 AM, Valery Smyslov wrote:
> >
> > Hi,
> >
> > I think that the following items can be considered for the new charter.
> >
> > 1. Develop load sharing cluster solution for IKEv2/IPsec. The possible charter text:
> >
> > MOBIKE protocol [RFC4555] is used to move existing
> > IKE/IPsec SA from one IP address to another. However,
> > in MOBIKE it is the initiator of the IKE SA (i.e. remote access client)
> > that controls this process. If there are several responders
> > each having own IP address and acting together as a load sharing cluster,
> > then it is desirable for them to have ability to request initiator to switch to
> > a particular member. The working group will analyze the possibility
> > to extend MOBIKE protocol or to develop new IKE extension
> > that will allow to build load sharing clusters in an interoperable way.
> >
> > 2. Make IKEv2 Postquantum Cryptography ready. In particular - make it
> >    able to transfer large payloads in initial exchange without having
> >    IP fragmentation issues. The possible charter text:
> >
> > Postquantum Cryptography brings new key exchange methods.
> > Most of these methods that are known to date have much larger public
> > keys than conventional Diffie-Hellman public keys. Direct using
> > these methods in IKEv2 might lead to a number of problems
> > due to the increased size of initial IKEv2 messages. The working group will
> > analyze the possible problems and develop a solution, that will
> > make adding Postquantum key exchange methods more easy.
> >
> > Regards,
> > Valery.
> >
> >
> >> We will be meeting at Monday morning 09:30-11:00 for 1.5 hours. Our
> >> main agenda item will be the rechartering text, i.e., our charter will
> >> expire by the end of year, and we have most of our chartered work
> >> already completed, or almost finished, so we need to decide what new
> >> items (if any) we take to our charter, or whether we shut down the WG.
> >>
> >> In last IETF we had people with items which we could add to charter,
> >> so I want those people wanting to add things to charter to send an
> >> email to the mailing list about what items they would like to propose
> >> to the charter, and preliminary charter text for the item.
> >>
> >> If we do not receive any proposed charter texts, then I assume we do
> >> not have any more work to do after we finish our current charter...
> >>
> >> Also if there are people wanting to present anything in the next
> >> IPsecME IETF session, send email to wg chairs ipsecme-cha...@ietf.org.
> >> --
> >> kivi...@iki.fi
[IPsec] IEEE CNS 2018 Call for Papers (Submission Deadline - December 20)
[Apologies, if you receive multiple copies of this CFP]

CALL FOR PAPERS

IEEE CNS 2018
IEEE Conference on Communications and Network Security
Beijing, China, May 30-June 1, 2018
URL: http://cns2018.ieee-cns.org/
IEEE Communications Society Core Conference

PAPER SUBMISSION DEADLINE
December 20, 2017

IEEE Conference on Communications and Network Security (IEEE CNS) is a conference series in IEEE Communications Society (ComSoc) core conference portfolio and the only ComSoc conference focusing solely on cybersecurity. IEEE CNS provides a premier forum for security researchers, practitioners, policy makers, and users to exchange ideas, techniques and tools, raise awareness, and share experience related to all practical and theoretical aspects of cybersecurity.

Building on the success of the past five years’ conferences, IEEE CNS 2018 seeks original high-quality technical papers from academia, government, and industry. Topics of interest encompass all practical and theoretical aspects of communications and network security, from the physical layer to the network layer to the variety of applications reliant on a secure communication substrate.

TOPICS OF INTERESTS

* Anonymity and privacy technologies
* Computer and network forensics
* Cyber deterrence strategies
* Game-theoretic security technologies
* Implementation and evaluation of networked security systems
* Information-theoretic security
* Intrusion detection, prevention, and response
* Key management, public key infrastructures, certification, revocation, and authentication
* Malware detection and mitigation
* Security metrics and models
* Physical-layer and cross-layer security technologies
* Security and privacy for big data
* Security and privacy for data and network outsourcing services
* Security and privacy for mobile and wearable devices
* Security and privacy in cellular networks
* Security and privacy in cloud and edge computing
* Security and privacy in crowdsourcing
* Security and privacy in emerging wireless technologies (dynamic spectrum sharing, cognitive radio networks, millimeter wave communications, MIMO systems, etc.)
* Security and privacy in peer-to-peer and overlay networks
* Security and privacy in Wi-Fi, ad hoc, mesh, sensor, vehicular, body-area, disruption/delay tolerant, and social networks
* Security and privacy in smart cities, smart and connected health, IoT, and RFID systems
* Security for critical infrastructures (smart grids, transportation systems, etc.)
* Security for future Internet architectures and designs
* Security for software-defined and data center networks
* Social, economic, and policy issues of trust, security, and privacy
* Traffic analysis
* Usable security and privacy
* Web, e-commerce, m-commerce, and e-mail security

IMPORTANT DATES
---
Paper Submission Deadline: December 20, 2017
Notification of Acceptance: February 27, 2018
Final Paper Submission: March 19, 2018

CONFERENCE CHAIRS
---
General Chair: Jiwu Jing (Chinese Academy of Sciences, PR China)
Program Chairs: Loukas Lazos (University of Arizona, USA)
Peng Liu (Pennsylvania State University, USA)

TECHNICAL PROGRAM COMMITTEE
See: http://cns2018.ieee-cns.org/
[IPsec] I-D Action: draft-ietf-ipsecme-eddsa-04.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the IP Security Maintenance and Extensions WG of the IETF.

Title : Using Edwards-curve Digital Signature Algorithm (EdDSA) in the Internet Key Exchange (IKEv2)
Author : Yoav Nir
Filename : draft-ietf-ipsecme-eddsa-04.txt
Pages : 5
Date : 2017-10-27

Abstract:
This document describes the use of the Edwards-curve digital signature algorithm in the IKEv2 protocol.

The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-ipsecme-eddsa/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-ipsecme-eddsa-04
https://datatracker.ietf.org/doc/html/draft-ietf-ipsecme-eddsa-04

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-ipsecme-eddsa-04

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
Re: [IPsec] WGLC on draft-mglt-ipsecme-implicit-iv-04
Hi Tero,

Thanks for the review, it should be easy to fix.

Yours,
Daniel

On Fri, Oct 27, 2017 at 11:30 AM, Tero Kivinen wrote:

> Waltermire, David A. (Fed) writes:
> > This message starts a Working Group Last Call (WGLC) for
> > draft-mglt-ipsecme-implicit-iv-04.
> >
> > The version to be reviewed can be found here:
> > https://www.ietf.org/id/draft-mglt-ipsecme-implicit-iv-04.txt.
> >
> > Please send your comments, questions, and edit proposals to the WG
> > mail list until November 9th, 2017. If you believe that the
> > document is ready to be submitted to the IESG for consideration as a
> > Standards Track RFC please send a short message stating this.
>
> In section 8, fix the spelling of the ENCR_AES-CCM_8_IIV and similar
> so that they do not use "-", but only "_" (or otherwise be ready to
> face the wrath of the angry implementor in next IETF). I.e.
>
>    - ENCR_AES_CCM_8_IIV
>    - ENCR_AES_GCM_16_IIV
>    - ENCR_CHACHA20_POLY1305_IIV
> --
> kivi...@iki.fi
Re: [IPsec] Agenda for IETF 100
+ 1 to these proposals

I'd also like to see the work on drafts like DIET-ESP (draft-mglt-ipsecme-diet-esp-04) be incorporated. I think we'll have some growing use cases for IPsec in constrained networks, and as that develops, extensions and modifications to the protocol to make IKEv2 and ESP work efficiently in those conditions will be necessary. (These would likely fall into the host-to-host use case described in the charter.)

Thanks,
Tommy

> On Oct 27, 2017, at 7:51 AM, Valery Smyslov wrote:
>
> Hi,
>
> I think that the following items can be considered for the new charter.
>
> 1. Develop load sharing cluster solution for IKEv2/IPsec. The possible charter text:
>
> MOBIKE protocol [RFC4555] is used to move existing
> IKE/IPsec SA from one IP address to another. However,
> in MOBIKE it is the initiator of the IKE SA (i.e. remote access client)
> that controls this process. If there are several responders
> each having own IP address and acting together as a load sharing cluster,
> then it is desirable for them to have ability to request initiator to switch to
> a particular member. The working group will analyze the possibility
> to extend MOBIKE protocol or to develop new IKE extension
> that will allow to build load sharing clusters in an interoperable way.
>
> 2. Make IKEv2 Postquantum Cryptography ready. In particular - make it
>    able to transfer large payloads in initial exchange without having
>    IP fragmentation issues. The possible charter text:
>
> Postquantum Cryptography brings new key exchange methods.
> Most of these methods that are known to date have much larger public
> keys than conventional Diffie-Hellman public keys. Direct using
> these methods in IKEv2 might lead to a number of problems
> due to the increased size of initial IKEv2 messages. The working group will
> analyze the possible problems and develop a solution, that will
> make adding Postquantum key exchange methods more easy.
>
> Regards,
> Valery.
>
>
>> We will be meeting at Monday morning 09:30-11:00 for 1.5 hours. Our
>> main agenda item will be the rechartering text, i.e., our charter will
>> expire by the end of year, and we have most of our chartered work
>> already completed, or almost finished, so we need to decide what new
>> items (if any) we take to our charter, or whether we shut down the WG.
>>
>> In last IETF we had people with items which we could add to charter,
>> so I want those people wanting to add things to charter to send an
>> email to the mailing list about what items they would like to propose
>> to the charter, and preliminary charter text for the item.
>>
>> If we do not receive any proposed charter texts, then I assume we do
>> not have any more work to do after we finish our current charter...
>>
>> Also if there are people wanting to present anything in the next
>> IPsecME IETF session, send email to wg chairs ipsecme-cha...@ietf.org.
>> --
>> kivi...@iki.fi
[IPsec] WGLC on draft-mglt-ipsecme-implicit-iv-04
Waltermire, David A. (Fed) writes:
> This message starts a Working Group Last Call (WGLC) for
> draft-mglt-ipsecme-implicit-iv-04.
>
> The version to be reviewed can be found here:
> https://www.ietf.org/id/draft-mglt-ipsecme-implicit-iv-04.txt.
>
> Please send your comments, questions, and edit proposals to the WG
> mail list until November 9th, 2017. If you believe that the
> document is ready to be submitted to the IESG for consideration as a
> Standards Track RFC please send a short message stating this.

In section 8, fix the spelling of the ENCR_AES-CCM_8_IIV and similar so that they do not use "-", but only "_" (or otherwise be ready to face the wrath of the angry implementor in next IETF). I.e.

- ENCR_AES_CCM_8_IIV
- ENCR_AES_GCM_16_IIV
- ENCR_CHACHA20_POLY1305_IIV
--
kivi...@iki.fi
Re: [IPsec] Agenda for IETF 100
Hi,

I think that the following items can be considered for the new charter.

1. Develop load sharing cluster solution for IKEv2/IPsec. The possible charter text:

MOBIKE protocol [RFC4555] is used to move existing IKE/IPsec SA from one IP address to another. However, in MOBIKE it is the initiator of the IKE SA (i.e. remote access client) that controls this process. If there are several responders each having own IP address and acting together as a load sharing cluster, then it is desirable for them to have ability to request initiator to switch to a particular member. The working group will analyze the possibility to extend MOBIKE protocol or to develop new IKE extension that will allow to build load sharing clusters in an interoperable way.

2. Make IKEv2 Postquantum Cryptography ready. In particular - make it able to transfer large payloads in initial exchange without having IP fragmentation issues. The possible charter text:

Postquantum Cryptography brings new key exchange methods. Most of these methods that are known to date have much larger public keys than conventional Diffie-Hellman public keys. Direct using these methods in IKEv2 might lead to a number of problems due to the increased size of initial IKEv2 messages. The working group will analyze the possible problems and develop a solution, that will make adding Postquantum key exchange methods more easy.

Regards,
Valery.

> We will be meeting at Monday morning 09:30-11:00 for 1.5 hours. Our
> main agenda item will be the rechartering text, i.e., our charter will
> expire by the end of year, and we have most of our chartered work
> already completed, or almost finished, so we need to decide what new
> items (if any) we take to our charter, or whether we shut down the WG.
>
> In last IETF we had people with items which we could add to charter,
> so I want those people wanting to add things to charter to send an
> email to the mailing list about what items they would like to propose
> to the charter, and preliminary charter text for the item.
>
> If we do not receive any proposed charter texts, then I assume we do
> not have any more work to do after we finish our current charter...
>
> Also if there are people wanting to present anything in the next
> IPsecME IETF session, send email to wg chairs ipsecme-cha...@ietf.org.
> --
> kivi...@iki.fi