IP Security Protocol (ipsec)

This Working Group did not meet

Last Modified: 2003-04-10

Chair(s):
Barbara Fraser <byfraser@cisco.com>
Theodore Ts'o <tytso@mit.edu>
Security Area Director(s):
Russell Housley <housley@vigilsec.com>
Steven Bellovin <smb@research.att.com>
Security Area Advisor:
Russell Housley <housley@vigilsec.com>
Technical Advisor(s):
Uri Blumenthal <uri@lucent.com>
Mailing Lists:
General Discussion: ipsec@lists.tislabs.com
To Subscribe: ipsec-request@lists.tislabs.com
Archive: ftp://ftp.tis.com/pub/lists/ipsec OR ftp.ans.net/pub/archive/ipsec
Description of Working Group:
Note: The Technical Advisor has the task to advise on technical
      matters related to all the MIB work in this WG.

Rapid advances in communication technology have accentuated the need
for security in the Internet.  The IP Security Protocol Working Group
(IPSEC) will develop mechanisms to protect client protocols of IP.  A
security protocol in the network layer will be developed to provide
cryptographic security services that will flexibly support combinations
of authentication, integrity, access control, and confidentiality.

The IPSEC working group will restrict itself to the following
short-term work items to improve the existing key management protocol
(IKE) and IPSEC encapsulation protocols:

1. Changes to IKE to support NAT/Firewall traversal

2. Changes to IKE to support SCTP

3. New cipher documents to support AES-CBC, AES-MAC, SHA-2, and
  a fast AES mode suitable for use in hardware encryptors

4. IKE MIB documents

5. Sequence number extensions to ESP to support an expanded sequence
  number space.

6. Clarification and standardization of rekeying procedures in IKE.

The working group will also update IKE to clarify the specification and
to reflect implementation experience, new requirements, and protocol
analysis of the existing protocol.  The requirements for IKE V2 will be
revised and updated as the first step in this process.
Goals and Milestones:
Done  Post as an Internet-Draft the IP Security Protocol.
Done  Post as an Internet-Draft the specification for Internet key management.
Done  Submit the Internet Key Management Protocol to the IESG for consideration as a Proposed Standard.
Done  Conduct initial interoperability testing of Encapsulating Security Payload (ESP) and Authentication Header (AH).
Done  Submit revised Internet-Drafts for ESP, AH, and IP Security Architecture.
Done  Submit revised Internet-Drafts of IP Security Architecture, ESP, and AH to the IESG for consideration as Draft Standards.
Done  Submit Internet-Draft of the Internet Key Management Protocol (IKMP) based on ISAKMP/Oakley to the IESG for consideration as a Proposed Standard.
Done  Submit Internet-Draft of Internet Key Management Protocol to the IESG for consideration as a Proposed Standard.
Oct 01  Internet Drafts on NAT and Firewall traversal, IKE MIBs, and requirements for IPsec and IKE for use with SCTP, to working group last call.
Oct 01  Submit revised Internet-Drafts of NAT and Firewall traversal, IKE MIBs, and SCTP support for consideration as Draft Standards.
Nov 01  Internet-Drafts on sequence number expansion in IKE, and IKE re-keying completed.
Dec 01  Internet-Drafts on AES/SHA-2, sequence number expansion, and IKE re-keying to working group last call.
Dec 01  Internet-Draft on IKE v2 Requirements to working group last call
Dec 01  Internet-Drafts describing candidate IKE v2 approaches submitted to the working group.
Feb 02  Submit revised Internet-Drafts on AES/SHA-2, sequence number expansion, and IKE rekeying for consideration as Draft Standards.
Apr 02  Discuss and select the IKE v2 design from candidate approaches.
Sep 02  IKE
Dec 02  Submit
Internet-Drafts:
  • draft-ietf-ipsec-esp-v3-06.txt
  • draft-ietf-ipsec-monitor-mib-06.txt
  • draft-ietf-ipsec-doi-tc-mib-07.txt
  • draft-ietf-ipsec-isakmp-di-mon-mib-05.txt
  • draft-ietf-ipsec-ike-monitor-mib-04.txt
  • draft-ietf-ipsec-flow-monitoring-mib-02.txt
  • draft-ietf-ipsec-ciph-aes-cbc-05.txt
  • draft-ietf-ipsec-nat-reqts-05.txt
  • draft-ietf-ipsec-nat-t-ike-06.txt
  • draft-ietf-ipsec-udp-encaps-06.txt
  • draft-ietf-ipsec-dpd-03.txt
  • draft-ietf-ipsec-ikev2-10.txt
  • draft-ietf-ipsec-ciph-aes-xcbc-mac-04.txt
  • draft-ietf-ipsec-rfc2402bis-04.txt
  • draft-ietf-ipsec-pki-profile-03.txt
  • draft-ietf-ipsec-esn-addendum-02.txt
  • draft-ietf-ipsec-ciph-aes-ctr-05.txt
  • draft-ietf-ipsec-ikev2-ecnfix-01.txt
  • draft-ietf-ipsec-ciph-aes-ccm-04.txt
  • draft-ietf-ipsec-ikev2-tutorial-01.txt
  • draft-ietf-ipsec-flowmon-mib-tc-00.txt
  • draft-ietf-ipsec-dhcp-over-ike-00.txt
  • draft-ietf-ipsec-dhcp-over-ike-dhcpd-00.txt
  • draft-ietf-ipsec-dhcp-over-ike-radius-00.txt
  • draft-ietf-ipsec-ikev2-algorithms-03.txt
  • draft-ietf-ipsec-ui-suites-04.txt
  • draft-ietf-ipsec-aes-xcbc-prf-00.txt
Request For Comments:
    The ESP DES-CBC Transform (RFC 1829) (19291 bytes)
    IP Encapsulating Security Payload (ESP) (RFC 1827) (30278 bytes) obsoleted by RFC 2406
    IP Authentication using Keyed MD5 (RFC 1828) (9800 bytes)
    IP Authentication Header (RFC 1826) (30475 bytes) obsoleted by RFC 2402
    Security Architecture for the Internet Protocol (RFC 1825) (56772 bytes) obsoleted by RFC 2401
    HMAC: Keyed-Hashing for Message Authentication (RFC 2104) (22297 bytes)
    HMAC-MD5 IP Authentication with Replay Prevention (RFC 2085) (13399 bytes)
    Security Architecture for the Internet Protocol (RFC 2401) (168162 bytes)
    The NULL Encryption Algorithm and Its Use With IPsec (RFC 2410) (11239 bytes)
    IP Security Document Roadmap (RFC 2411) (22796 bytes)
    IP Authentication Header (RFC 2402) (52831 bytes)
    The OAKLEY Key Determination Protocol (RFC 2412) (118649 bytes)
    The ESP CBC-Mode Cipher Algorithms (RFC 2451) (26400 bytes)
    The Use of HMAC-MD5-96 within ESP and AH (RFC 2403) (13578 bytes)
    The Use of HMAC-SHA-1-96 within ESP and AH (RFC 2404) (13089 bytes)
    The ESP DES-CBC Cipher Algorithm With Explicit IV (RFC 2405) (20208 bytes)
    IP Encapsulating Security Payload (ESP) (RFC 2406) (54202 bytes)
    The Internet IP Security Domain of Interpretation for ISAKMP (RFC 2407) (67878 bytes)
    Internet Security Association and Key Management Protocol (ISAKMP) (RFC 2408) (209194 bytes)
    The Internet Key Exchange (IKE) (RFC 2409) (94949 bytes)
    The Use of HMAC-RIPEMD-160-96 within ESP and AH (RFC 2857) (13544 bytes)
    More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE) (RFC 3526) (19166 bytes)
    On the Use of Stream Control Transmission Protocol (SCTP) with IPsec (RFC 3554) (20102 bytes)

    Current Meeting Report

    None received.

    Slides

    None received.