IP Security Protocol (ipsec)


In addition to this official charter maintained by the IETF Secretariat, there is additional information about this working group on the Web at:

       Additional IPSEC Web Page

Last Modified: 2004-06-07

Chair(s):

Barbara Fraser <byfraser@cisco.com>
Theodore Ts'o <tytso@mit.edu>

Security Area Director(s):

Russ Housley <housley@vigilsec.com>
Sam Hartman <hartmans-ietf@mit.edu>

Security Area Advisor:

Russ Housley <housley@vigilsec.com>

Technical Advisor(s):

Angelos Keromytis <angelos@cs.columbia.edu>
Tero Kivinen <kivinen@safenet-inc.com>

Mailing Lists:

General Discussion: ipsec@ietf.org
To Subscribe: ipsec-request@ietf.org
Archive: http://www.ietf.org/mail-archive/web/ipsec/index.html

Description of Working Group:


Note: The Technical Advisor has the task of advising on technical matters
related to all the MIB work in this WG.

Rapid advances in communication technology have accentuated the need for
security in the Internet. The IP Security Protocol Working Group (IPSEC)
will develop mechanisms to protect client protocols of IP. A security
protocol in the network layer will be developed to provide cryptographic
security services that will flexibly support combinations of
authentication, integrity, access control, and confidentiality.

The IPSEC working group will restrict itself to the following short-term
work items to improve the existing key management protocol (IKE) and
IPSEC encapsulation protocols:

1. Changes to IKE to support NAT/Firewall traversal

2. Changes to IKE to support SCTP

3. New cipher documents to support AES-CBC, AES-MAC, SHA-2, and a fast
AES mode suitable for use in hardware encryptors

4. IKE MIB documents

5. Sequence number extensions to ESP to support an expanded sequence
number space.

6. Clarification and standardization of rekeying procedures in IKE.

The working group will also update IKE to clarify the specification and
to reflect implementation experience, new requirements, and protocol
analysis of the existing protocol. The requirements for IKE V2 will be
revised and updated as the first step in this process.

Goals and Milestones:

Done    Post as an Internet-Draft the IP Security Protocol.
Done    Post as an Internet-Draft the specification for Internet key management.
Done    Submit the Internet Key Management Protocol to the IESG for consideration as a Proposed Standard.
Done    Conduct initial interoperability testing of Encapsulating Security Payload (ESP) and Authentication Header (AH).
Done    Submit revised Internet-Drafts for ESP, AH, and IP Security Architecture.
Done    Submit revised Internet-Drafts of IP Security Architecture, ESP, and AH to the IESG for consideration as Draft Standards.
Done    Submit Internet-Draft of the Internet Key Management Protocol (IKMP) based on ISAKMP/Oakley to the IESG for consideration as a Proposed Standard.
Done    Submit Internet-Draft of Internet Key Management Protocol to the IESG for consideration as a Proposed Standard.
Done    Internet Drafts on NAT and Firewall traversal, IKE MIBs, and requirements for IPsec and IKE for use with SCTP, to working group last call.
Done    Submit revised Internet-Drafts of NAT and Firewall traversal, IKE MIBs, and SCTP support for consideration as Draft Standards.
Done    Internet-Drafts on sequence number expansion in IKE, and IKE re-keying completed.
Done    Internet-Drafts on AES/SHA-2, sequence number expansion, and IKE re-keying to working group last call.
Done    Internet-Draft on IKE v2 Requirements to working group last call
Done    Internet-Drafts describing candidate IKE v2 approaches submitted to the working group.
Done    Submit revised Internet-Drafts on AES/SHA-2, sequence number expansion, and IKE rekeying for consideration as Draft Standards.
Done    Discuss and select the IKE v2 design from candidate approaches.
Done    Submit IKEv2 for consideration as Draft Standard
Nov 03    Revised draft on IPsec Architecture to working group last call
Jan 04    Submit revised draft on IPsec Architecture for consideration as Draft Standard

Internet-Drafts:

Additional ECC Groups For IKE (14015 bytes)
IKEv2 Authentication Using ECDSA (22037 bytes)
ECC Groups For IKEv2 (11032 bytes)

Request For Comments:

The ESP DES-CBC Transform (RFC 1829) (19291 bytes)
IP Encapsulating Security Payload (ESP) (RFC 1827) (30278 bytes) obsoleted by RFC 2406
IP Authentication using Keyed MD5 (RFC 1828) (9800 bytes)
IP Authentication Header (RFC 1826) (30475 bytes) obsoleted by RFC 2402
Security Architecture for the Internet Protocol (RFC 1825) (56772 bytes) obsoleted by RFC 2401
HMAC: Keyed-Hashing for Message Authentication (RFC 2104) (22297 bytes)
HMAC-MD5 IP Authentication with Replay Prevention (RFC 2085) (13399 bytes)
Security Architecture for the Internet Protocol (RFC 2401) (168162 bytes)
The NULL Encryption Algorithm and Its Use With IPsec (RFC 2410) (11239 bytes)
IP Security Document Roadmap (RFC 2411) (22796 bytes)
IP Authentication Header (RFC 2402) (52831 bytes)
The OAKLEY Key Determination Protocol (RFC 2412) (118649 bytes)
The ESP CBC-Mode Cipher Algorithms (RFC 2451) (26400 bytes)
The Use of HMAC-MD5-96 within ESP and AH (RFC 2403) (13578 bytes)
The Use of HMAC-SHA-1-96 within ESP and AH (RFC 2404) (13089 bytes)
The ESP DES-CBC Cipher Algorithm With Explicit IV (RFC 2405) (20208 bytes)
IP Encapsulating Security Payload (ESP) (RFC 2406) (54202 bytes)
The Internet IP Security Domain of Interpretation for ISAKMP (RFC 2407) (67878 bytes)
Internet Security Association and Key Management Protocol (ISAKMP) (RFC 2408) (209194 bytes)
The Internet Key Exchange (IKE) (RFC 2409) (94949 bytes)
The Use of HMAC-RIPEMD-160-96 within ESP and AH (RFC 2857) (13544 bytes)
More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE) (RFC 3526) (19166 bytes)
On the Use of Stream Control Transmission Protocol (SCTP) with IPsec (RFC 3554) (20102 bytes)
The AES-XCBC-MAC-96 Algorithm and Its Use With IPsec (RFC 3566) (24645 bytes)
The AES-CBC Cipher Algorithm and Its Use with IPsec (RFC 3602) (30254 bytes)
The AES-XCBC-PRF-128 algorithm for IKE (RFC 3664) (6711 bytes)
Using AES Counter Mode With IPsec ESP (RFC 3686) (43777 bytes)
A Traffic-Based Method of Detecting Dead IKE Peers (RFC 3706) (30196 bytes)
IPsec-NAT Compatibility Requirements (RFC 3715) (43476 bytes)
Negotiation of NAT-Traversal in the IKE (RFC 3947) (0 bytes)
UDP Encapsulation of IPsec Packets (RFC 3948) (0 bytes)
IP Encapsulating Security Payload (ESP) (RFC 4303) (114315 bytes)
Internet Key Exchange (IKEv2) Protocol (RFC 4306) (250941 bytes)
IP Authentication Header (RFC 4302) (82328 bytes)
Extended Sequence Number (ESN) Addendum to IPsec Domain of Interpretation (DOI) for Internet Security Association and Key Management Protocol (ISAKMP) (RFC 4304) (9243 bytes)
Using Advanced Encryption Standard (AES) CCM Mode with IPsec Encapsulating Security Payload (ESP) (RFC 4309) (28998 bytes)
Cryptographic Algorithms for use in the Internet Key Exchange Version 2 (IKEv2) (RFC 4307) (12980 bytes)
Cryptographic Suites for IPsec (RFC 4308) (13127 bytes)
Security Architecture for the Internet Protocol (RFC 4301) (262123 bytes)
Cryptographic Algorithm Implementation Requirements for Encapsulating Security Payload (ESP) and Authentication Header (AH) (RFC 4305) (17991 bytes)
The Use of Galois/Counter Mode (GCM) in IPsec Encapsulating Security Payload (ESP) (RFC 4106) (23399 bytes)
IKE and IKEv2 Authentication Using the Elliptic Curve Digital Signature Algorithm (ECDSA) (RFC 4754) (27948 bytes)
ECP Groups For IKE and IKEv2 (RFC 4753) (28760 bytes)