Re: [MEXT] [IPsec] Roadmap doc

Hi,                                                [mext added in CC]

"Sheila Frankel" <sheila.frankel at nist.gov> writes:

> 7.  Outgrowths of IPsec/IKE
>    7.1.  IPComp (Compression)
>    7.2.  IKEv2 Mobility and Multihoming (MobIKE)
>    7.3.  Better-than-Nothing Security (Btns)
>    7.4.  Kerberized Internet Negotiation of Keys (Kink)
>    7.5.  IPsec Secure Remote Access (IPSRA)
>    7.6.  IPsec Keying Information Resource Record (IPsecKEY)
> 8.  Other Protocols that use IPsec/IKE
>    8.1.  Mobile IP (MIPv4 and MIPv6)

IMHO, MIPv6 is a user of IPsec/IKE but not a common user: it uses
IPsec/IKE for its protection but it also has some very tight
interactions with IKE/IPsec/[PF_KEY] and for that reason, specific
requirements:

- configuration via IKEv2 (various RFCs)
- bootstrapping and efficient handling of movement in IPsec/IKE context
  (see draft draft-ebalard-mext-pfkey-enhanced-migrate-00 which is a
  follow-up of draft-sugimoto-mip6-pfkey-migrate-04) 

The problem is that this last item sits in the middle of the field with
IPsec WG on one side and MIPv6 on the other; each side considering that
it should be handled by the other.

At the moment, MIPv6 specification documents (3775, 3776, 4877, 5026,
...) have expectations on the behavior in IPsec/IKE environments but
IPsec/IKE (and possibly PF_KEY) are missing the interfaces to support
those requirements. This is currently making progress outside any
working group. 

In the end, I am wondering where this item stands w.r.t. the roadmap
document. I know that it is not in the initial set of work items of the
WG but this does not prevent clarifying the position of the WG on it in
the doc, does it?

>    8.2.  Open Shortest Path First (OSPF)
>    8.3.  Host Identity Protocol (HIP)
>    8.4.  Extensible Authentication Protocol (EAP) Method Update (EMU)
>    8.5.  Stream Control Transmission Protocol (SCTP)
>    8.6.  Fibre Channel
> 9.  Security Considerations
> 10.  IANA Considerations
> 11. References
>    11.1. Normative References
>    11.2. Informative References
>
> Sections 1 and 2 will contain introductory material about IPsec and
> IKE: their functions, placement in the stack, inter-relationships,
> etc.
>
> The rest of the doc will basically be a list of RFCs, with a brief
> description of each. For the cryptographic algorithms, each section
> will describe where each type of algorithm is used within IPsec and/or
> IKE. For each algorithm, the following information will be included:
> whether it applies to IPsec, IKE, or both; requirement level (MUST
> etc.); special considerations (e.g. cannot be used with manual
> keying); how widely/commonly it is deployed. Section 8 (other
> protocols that use IPsec/IKE) will very briefly mention the context in
> which each protocol and/or RFC uses IPsec/IKE.
>
> Questions for the list:
> 1) Are there any other topics that should be discussed?

the one above, i.e. where should MIPv6 IPsec/IKE roadmap/work be
handled ;-)

Cheers,

a+
