2.6.2 IP Security Protocol (ipsec)

NOTE: This charter is a snapshot of the 44th IETF Meeting in Minneapolis, Minnesota. It may now be out-of-date. Last Modified: 05-Mar-99

Chair(s):

Theodore Ts'o <tytso@mit.edu>
Robert Moskowitz <rgm@icsa.net>

Security Area Director(s):

Jeffrey Schiller <jis@mit.edu>
Marcus Leech <mleech@nortel.ca>

Security Area Advisor:

Jeffrey Schiller <jis@mit.edu>

Mailing Lists:

General Discussion:ipsec@lists.tislabs.com
To Subscribe: ipsec-request@lists.tislabs.com
Archive: ftp://ftp.tis.com/pub/lists/ipsec OR ftp.ans.net/pub/archive/ipsec

Description of Working Group:

Rapid advances in communication technology have accentuated the need for security in the Internet. The IP Security Protocol Working Group (IPSEC) will develop mechanisms to protect client protocols of IP. A security protocol in the network layer will be developed to provide cryptographic security services that will flexibly support combinations of authentication, integrity, access control, and confidentiality.

The protocol formats for the IP Authentication Header (AH) and IP Encapsulating Security Payload (ESP) will be independent of the cryptographic algorithm. The preliminary goals will specifically pursue host-to-host security followed by subnet-to-subnet and host-to-subnet topologies.

Protocol and cryptographic techniques will also be developed to support the key management requirements of the network layer security. The Internet Key Management Protocol (IKMP) will be specified as an application layer protocol that is independent of the lower layer security protocol.The protocol will be based on the ISAKMP/Oakley work begun in:

draft-ietf-ipsec-isakmp-05.txt,

draft-ietf-ipsec-oakley-01.txt, and

draft-ietf-ipsec-isakmp-oakley-00.txt

A follow on work item may incorporate mechanisms based on SKIP as defined in:

draft-ietf-ipsec-skip-07.txt

and related documents.Flexibility in the protocol will allow eventual support of Key Distribution Centers (KDC), such as are used by Kerberos.

Goals and Milestones:

Done

  

Post as an Internet-Draft the IP Security Protocol.

Done

  

Post as an Interenet-Draft the specification for Internet key management.

Done

  

Submit the Internet Key Management Protocol to the IESG for consideration as a Proposed Standard.

Done

  

Conduct initial interoperability testing of Encapsulating Security payload (ESP) and Authentication Header (AH).

Done

  

Submit revised Interent-Drafts for ESP, AH, and IP Security Architecture.

Done

  

Submit revised Internet-Drafts of IP Security Architecture, ESP, and AH to the IESG for consideration as Draft Standards.

Dec 96

  

Submit revised Internet-Drafts of IP Security Architecture, ESP, and AH to the IESG for consideration as Draft Standards.

Done

  

Submit Internet-Draft of the Internet Key Management Protocol (IKMP) based on ISAKMP/Oakley to the IESG for consideration as a Proposed Standard.

Done

  

Submit Internet-Draft of Internet Key Management Protocol to the IESG for consideration as a Proposed Standard.

Jul 97

  

Submit IKMP to IESG for consideration as a Draft Standard.

Internet-Drafts:

Request For Comments:

RFC

Status

Title

 

RFC1828

PS

IP Authentication using Keyed MD5

RFC1829

PS

The ESP DES-CBC Transform

RFC2104

 

HMAC: Keyed-Hashing for Message Authentication

RFC2085

PS

HMAC-MD5 IP Authentication with Replay Prevention

RFC2401

PS

Security Architecture for the Internet Protocol

RFC2410

PS

The NULL Encryption Algorithm and Its Use With IPsec

RFC2411

 

IP Security Document Roadmap

RFC2402

PS

IP Authentication Header

RFC2412

 

The OAKLEY Key Determination Protocol

RFC2451

PS

The ESP CBC-Mode Cipher Algorithms

RFC2403

PS

The Use of HMAC-MD5-96 within ESP and AH

RFC2404

PS

The Use of HMAC-SHA-1-96 within ESP and AH

RFC2405

PS

The ESP DES-CBC Cipher Algorithm With Explicit IV

RFC2406

PS

IP Encapsulating Security Payload (ESP)

RFC2407

PS

The Internet IP Security Domain of Interpretation for ISAKMP

RFC2408

PS

Internet Security Association and Key Management Protocol (ISAKMP)

RFC2409

PS

The Internet Key Exchange (IKE)

Current Meeting Report

None received.

Slides

Requirements for IPSEC Policy for the DECIDUOUS Project
IBM's Implementation IBM's Implementation of IPSEC Policy of IPSEC Policy Schema
Security Policy SystemSecurity Policy Specification Language