NOTE: This charter is a snapshot of the 39th IETF Meeting in Munich, Bavaria, Germany. It may now be out-of-date.
Chair(s):
Theodore Ts'o <tytso@mit.edu>
Robert Moskowitz <rgm3@chrysler.com>
Security Area Director(s):
Jeffrey Schiller <jis@mit.edu>
Security Area Advisor:
Jeffrey Schiller <jis@mit.edu>
Mailing Lists:
General Discussion: ipsec@tis.com
To Subscribe: ipsec-request@tis.com
Archive: ftp://ftp.tis.com/pub/lists/ipsec
Description of Working Group:
Rapid advances in communication technology have accentuated the need for security in the Internet. The IP Security Protocol Working Group (IPSEC) will develop mechanisms to protect client protocols of IP. A security protocol in the network layer will be developed to provide cryptographic security services that will flexibly support combinations of authentication, integrity, access control, and confidentiality.
The protocol formats for the IP Authentication Header (AH) and IP Encapsulating Security Payload (ESP) will be independent of the cryptographic algorithm. The preliminary goals will specifically pursue host-to-host security followed by subnet-to-subnet and host-to-subnet topologies.
Protocol and cryptographic techniques will also be developed to support the key management requirements of the network layer security. The Internet Key Management Protocol (IKMP) will be specified as an application layer protocol that is independent of the lower layer security protocol. The protocol will be based on the ISAKMP/Oakley work begun in:
draft-ietf-ipsec-isakmp-05.txt,
draft-ietf-ipsec-oakley-01.txt, and
draft-ietf-ipsec-isakmp-oakley-00.txt
A follow on work item may incorporate mechanisms based on SKIP as defined in:
draft-ietf-ipsec-skip-07.txt
and related documents. Flexibility in the protocol will allow eventual support of Key Distribution Centers (KDC), such as are used by Kerberos.
Goals and Milestones:
Done |
|
Post as an Internet-Draft the IP Security Protocol. |
Done |
|
Post as an Internet-Draft the specification for Internet key management. |
Done |
|
Submit the Internet Key Management Protocol to the IESG for consideration as a Proposed Standard. |
Done |
|
Conduct initial interoperability testing of Encapsulating Security payload (ESP) and Authentication Header (AH). |
Done |
|
Submit revised Internet-Drafts for ESP, AH, and IP Security Architecture. |
Done |
|
Submit revised Internet-Drafts of IP Security Architecture, ESP, and AH to the IESG for consideration as Draft Standards. |
Dec 96 |
|
Submit revised Internet-Drafts of IP Security Architecture, ESP, and AH to the IESG for consideration as Draft Standards. |
Done |
|
Submit Internet-Draft of the Internet Key Management Protocol (IKMP) based on ISAKMP/Okay to the IESG for consideration as a Proposed Standard. |
Done |
|
Submit Internet-Draft of Internet Key Management Protocol to the IESG for consideration as a Proposed Standard. |
Jul 97 |
|
Submit IKMP to IESG for consideration as a Draft Standard. |
Internet-Drafts:
· Internet Security Association and Key Management Protocol (ISAKMP)
· The OAKLEY Key Determination Protocol
· The ESP Triple DES Transform
· IP Authentication Header
· The resolution of ISAKMP with Oakley
· The Internet IP Security Domain of Interpretation for ISAKMP
· Inline Keying within the ISAKMP Framework.
· Implementation of Virtual Private Network (VPNs) with IP Security
· The ESP RC5-CBC Algorithm
· The ESP CAST128-CBC Algorithm
· A revised encryption mode for ISAKMP/Oakley
· The ESP DES-CBC Transform
· IP Security Document Roadmap
· The Use of HMAC-SHA-1-96 within ESP and AH
· The Use of HMAC-MD5-96 within ESP and AH
· The ESP DES-CBC Cipher Algorithm With Explicit IV
· ESP with Cipher Block Chaining (CBC)
· The ESP ARCFOUR Algorithm
· The ESP DES-XEX3-CBC Transform
· The ESP Blowfish-CBC Algorithm Using an Explicit IV
· The ESP 3DES-CBC Algorithm Using an Explicit IV
· The ESP IDEA-CBC Algorithm Using Explicit IV
· IP Encapsulating Security Payload (ESP)
· The ESP CAST5-128-CBC Transform
· The ESP CBC-Mode Cipher Algorithms
· The ISAKMP Configuration Mode
Request For Comments:
RFC |
Status |
Title |
RFC1828 |
PS |
IP Authentication using Keyed MD5 |
RFC1826 |
PS |
IP Authentication Header |
RFC1825 |
PS |
Security Architecture for the Internet Protocol |
RFC1827 |
PS |
IP Encapsulating Security Payload (ESP) |
RFC1829 |
PS |
The ESP DES-CBC Transform |
RFC2104 |
HMAC: Keyed-Hashing for Message Authentication | |
RFC2085 |
PS |
HMAC-MD5 IP Authentication with Replay Prevention |
Minutes of the IPsec Working Group Meeting
Moderator: Ted Ts'o <tytso@mit.edu>, WG Co-Chair
Reported by Rodney Thayer <rodney@sabletech.com>
The WG met on Friday at the IETF meeting in Munich. Approximately 120 people attended. This was MBONE broadcast.
Agenda
I. Agenda Bashing/Introduction
II. Active WG Documents
III. AH and ESP Review
IV. DES MAC Presentation
V. ISAKMP Review
VI. Architecture Review
VII. Trust Path Topology Presentation
VIII. VPN Presentation
IX. Secure DHCP Presentation
X. IPsec Follow-on Presentation
II. Active WG Documents
Ted presented the list of documents, all 29 of them. This includes top-level, encryption, authentication, key management, and some obsolete Internet Drafts. This does include some that have received little feedback, such as the ISAKMP optimization proposal, and the WG was encouraged to make sure people have reviewed the documents. It was pointed out that there are too many drafts, and we should somehow cut down the number. There was a discussion about what can be advanced, the answer was that some sort of consistent set of documents has to be advanced together so that people can get context when they read them.
III. AH and ESP Review - Steve Kent
Steve Kent reviewed the AH and ESP documents. These together with the Architecture document and the (default, referenced) ESP Cipher and Authentication drafts would make up the minimal set that can be advanced. There was a discussion of window size, which has carried forward to the mailing list. There was some discussion about mutable fields being zero and not some predicted value. There was discussion about sequence number rollover if manually keyed (conclusion: ignore rollover). There was mention that the defaults are now DES/CBC, HMAC-MD5(?), and 64 packet replay window.
IV. DES MAC Presentation - Sara Bitan
This was a proposal to use DES as a MAC algorithm -- do a separate DES operation and use the last DES block (64-bits) as the MAC value. A draft has been written and submitted. The motivation is that you can get DES chips, Authentication algorithms are slow and auth chips are hard to buy (a consideration outside the US)
V. ISAKMP Review - Doug Maughan
Doug Maughan presented the current ISAKMP (V8) draft. There was some discussion about field alignment and padding.
VI. IPSec Architecture Review - Steve Kent
Steve Kent went over the current draft of the Architecture document. There was discussion about 'selectors' (an old section in the document which has received little comment), IPv6 'Class', DOI vs. Architecture inconsistencies. There was discussion about whether ESP should be mandatory for IPv4. A modest amount of Multicast discussion was volunteered to be added to the document.
VII. Topology Discovery - Sara Bitan
Sara Bitan presented a proposal for topology discovery using secure paths among routers.
VIII. Virtual Private Networks - Naganand Doraswamy
Naganand presented a proposal on VPN scenarios using IPsec, with a proposal to add a "TX" DNS record type. There was discussion on whether ICMP could be used, or other schemes.
IX. Secure DHCP - B. Patel
B. Patel did a presentation on how to use DHCP in a secure manner with Ipsec, based on a two stage procedure using two DHCP servers, one untrusted and one trusted.
X. IPsec Follow-on - Steve Bellovin
Steve Bellovin presented his view of what has to happen next with IPsec, dividing things into "critical path," "Useful," and "Hard" items. The only thing left on the critical path is a MIB. There was discussion that there needs to be more somewhere about how applications can use IPsec.
None Received