2.6.1 IP Security Protocol (ipsec)

NOTE: This charter is a snapshot of the 54th IETF Meeting in Yokohama, Japan. It may now be out-of-date.

Last Modified: 05/16/2002

Chair(s):
Barbara Fraser
Theodore Ts'o
Security Area Director(s):
Jeffrey Schiller
Steve Bellovin
Security Area Advisor:
Jeffrey Schiller
Technical Advisor(s):
Uri Blumenthal
Mailing Lists:
General Discussion:
To Subscribe:
Archive: OR
Description of Working Group:
Note: The Technical Advisor is tasked with advising on technical matters related to all the MIB work in this WG.

Rapid advances in communication technology have accentuated the need for security in the Internet. The IP Security Protocol Working Group (IPSEC) will develop mechanisms to protect client protocols of IP. A security protocol in the network layer will be developed to provide cryptographic security services that will flexibly support combinations of authentication, integrity, access control, and confidentiality.

The IPSEC working group will restrict itself to the following short-term work items to improve the existing key management protocol (IKE) and IPSEC encapsulation protocols:

1. Changes to IKE to support NAT/Firewall traversal

2. Changes to IKE to support SCTP

3. New cipher documents to support AES-CBC, AES-MAC, SHA-2, and a fast AES mode suitable for use in hardware encryptors

4. IKE MIB documents

5. Sequence number extensions to ESP to support an expanded sequence number space.

6. Clarification and standardization of rekeying procedures in IKE.

The working group will also update IKE to clarify the specification and to reflect implementation experience, new requirements, and protocol analysis of the existing protocol. The requirements for IKE V2 will be revised and updated as the first step in this process.

Goals and Milestones:
Done  Post as an Internet-Draft the IP Security Protocol.
Done  Post as an Internet-Draft the specification for Internet key management.
Done  Submit the Internet Key Management Protocol to the IESG for consideration as a Proposed Standard.
Done  Conduct initial interoperability testing of Encapsulating Security Payload (ESP) and Authentication Header (AH).
Done  Submit revised Internet-Drafts for ESP, AH, and IP Security Architecture.
Done  Submit revised Internet-Drafts of IP Security Architecture, ESP, and AH to the IESG for consideration as Draft Standards.
Done  Submit Internet-Draft of the Internet Key Management Protocol (IKMP) based on ISAKMP/Oakley to the IESG for consideration as a Proposed Standard.
Done  Submit Internet-Draft of Internet Key Management Protocol to the IESG for consideration as a Proposed Standard.
OCT 01  Internet-Drafts on NAT and Firewall traversal, IKE MIBs, and requirements for IPsec and IKE for use with SCTP, to working group last call.
OCT 01  Submit revised Internet-Drafts of NAT and Firewall traversal, IKE MIBs, and SCTP support for consideration as Draft Standards.
NOV 01  Internet-Drafts on sequence number expansion in IKE, and IKE re-keying completed.
DEC 01  Internet-Drafts on AES/SHA-2, sequence number expansion, and IKE re-keying to working group last call.
DEC 01  Internet-Draft on IKE v2 Requirements to working group last call.
DEC 01  Internet-Drafts describing candidate IKE v2 approaches submitted to the working group.
FEB 02  Submit revised Internet-Drafts on AES/SHA-2, sequence number expansion, and IKE rekeying for consideration as Draft Standards.
APR 02  Discuss and select the IKE v2 design from candidate approaches.
DEC 02  Submit

Internet-Drafts:
  • draft-ietf-ipsec-esp-v3-03.txt
  • draft-ietf-ipsec-ciph-aes-cbc-04.txt
  • draft-ietf-ipsec-ike-modp-groups-04.txt
  • draft-ietf-ipsec-sctp-03.txt
  • draft-ietf-ipsec-nat-reqts-01.txt
  • draft-ietf-ipsec-nat-t-ike-03.txt
  • draft-ietf-ipsec-udp-encaps-03.txt
  • draft-ietf-ipsec-properties-02.txt
  • draft-ietf-ipsec-ciph-sha-256-01.txt
  • draft-ietf-ipsec-ikev2-02.txt
  • draft-ietf-ipsec-jfk-04.txt
  • draft-ietf-ipsec-ciph-aes-xcbc-mac-02.txt
  • draft-ietf-ipsec-ikev2-rationale-00.txt
  • draft-ietf-ipsec-rfc2402bis-01.txt
  • draft-ietf-ipsec-sonofike-rqts-00.txt
  • draft-ietf-ipsec-revised-identity-00.txt
  • draft-ietf-ipsec-soi-features-01.txt
  • draft-ietf-ipsec-pki-profile-00.txt
  • draft-ietf-ipsec-esn-addendum-00.txt

Request For Comments:
    RFC1827 PS IP Encapsulating Security Payload (ESP)
    RFC1828 PS IP Authentication using Keyed MD5
    RFC1829 PS The ESP DES-CBC Transform
    RFC1826 PS IP Authentication Header
    RFC1825 PS Security Architecture for the Internet Protocol
    RFC2085 PS HMAC-MD5 IP Authentication with Replay Prevention
    RFC2104 I HMAC: Keyed-Hashing for Message Authentication
    RFC2402 PS IP Authentication Header
    RFC2451 PS The ESP CBC-Mode Cipher Algorithms
    RFC2401 PS Security Architecture for the Internet Protocol
    RFC2403 PS The Use of HMAC-MD5-96 within ESP and AH
    RFC2412 I The OAKLEY Key Determination Protocol
    RFC2404 PS The Use of HMAC-SHA-1-96 within ESP and AH
    RFC2405 PS The ESP DES-CBC Cipher Algorithm With Explicit IV
    RFC2406 PS IP Encapsulating Security Payload (ESP)
    RFC2407 PS The Internet IP Security Domain of Interpretation for ISAKMP
    RFC2408 PS Internet Security Association and Key Management Protocol (ISAKMP)
    RFC2409 PS The Internet Key Exchange (IKE)
    RFC2411 I IP Security Document Roadmap
    RFC2410 PS The NULL Encryption Algorithm and Its Use With IPsec
    RFC2857 PS The Use of HMAC-RIPEMD-160-96 within ESP and AH

Current Meeting Report

None received.