IP Security Protocol (ipsec) Charter

Chair(s)

• Ran Atkinson <rja@cisco.com>
• Paul Lambert <palamber@us.oracle.com>

Security Area Director(s):

• Jeffrey Schiller <jis@mit.edu>

Mailing List Information

• General Discussion:ipsec@tis.com
• To Subscribe: ipsec-request@tis.com
• Archive: ftp://ftp.tis.com/pub/lists/ipsec

Description of Working Group

The protocol formats for the IP Authentication Header (AH) and IP Encapsulating Security Payload (ESP) will be independent of the cryptographic algorithm. The preliminary goals will specifically pursue host-to-host security followed by subnet-to-subnet and host-to-subnet topologies.

Protocol and cryptographic techniques will also be developed to support the key management requirements of the network layer security. The Internet Key Management Protocol (IKMP) will be specified as an application layer protocol that is independent of the lower layer security protocol.The protocol will be based on the ISAKMP/Oakley work begun in:

draft-ietf-ipsec-isakmp-05.txt,

draft-ietf-ipsec-oakley-01.txt, and

draft-ietf-ipsec-isakmp-oakley-00.txt

A follow on work item may incorporate mechanisms based on SKIP as defined in:

draft-ietf-ipsec-skip-07.txt

and related documents.Flexibility in the protocol will allow eventual support of Key Distribution Centers (KDC), such as are used by Kerberos.

Goals and Milestones

Done

Submit Internet-Draft of Internet Key Management Protocol to the IESG for consideration as a Proposed Standard.

Done

Post as an Internet-Draft the IP Security Protocol.

Done

Post as an Interenet-Draft the specification for Internet key management.

Done

Submit the Internet Key Management Protocol to the IESG for consideration as a Proposed Standard.

Done

Conduct initial interoperability testing of Encapsulating Security payload (ESP) and Authentication Header (AH).

Done

Submit revised Interent-Drafts for ESP, AH, and IP Security Architecture.

Done

Submit revised Internet-Drafts of IP Security Architecture, ESP, and AH to the IESG for consideration as Draft Standards.

Dec 96

Submit revised Internet-Drafts of IP Security Architecture, ESP, and AH to the IESG for consideration as Draft Standards.

Jan 97

Submit Internet-Draft of the Internet Key Management Protocol (IKMP) based on ISAKMP/Oakley to the IESG for consideration as a Proposed Standard.

Jul 97

Submit IKMP to IESG for consideration as a Draft Standard.

Current Internet-Drafts

• Internet Security Association and Key Management Protocol (ISAKMP). (There is also a PostScript version.)
• Simple Key-Management For Internet Protocols (SKIP).
• X.509 Encoding of Diffie-Hellman Public Values.
• Encoding of an Unsigned Diffie-Hellman Public Value.
• Certificate Discovery Protocol.
• SKIP Algorithm Discovery Protocol.
• SKIP Extensions for IP Multicast.
• The OAKLEY Key Determination Protocol.
• SKIP extension for Perfect Forward Secrecy (PFS).
• Combined DES-CBC, HMAC and Replay Prevention Security Transform.
• HMAC: Keyed-Hashing for Message Authentication.
• HMAC-MD5 IP Authentication with Replay Prevention.
• HMAC-SHA IP Authentication with Replay Prevention.
• IP Encapsulating Security Payload (ESP).
• Security Architecture for the Internet Protocol.
• IP Authentication Header.
• The resolution of ISAKMP with Oakley.
• Combined 3DES-CBC, HMAC and Replay Prevention Security Transform.
• The Internet IP Security Domain of Interpretation for ISAKMP.
• Inline Keying within the ISAKMP Framework..

Request for Comments

• Security Architecture for the Internet Protocol (RFC 1825)
• IP Authentication Header (RFC 1826)
• IP Encapsulating Security Payload (ESP) (RFC 1827)
• The ESP DES-CBC Transform (RFC 1829)
• IP Authentication using Keyed MD5 (RFC 1828)