This Working Group did not meet
Last Modified: 2003-11-25
The IPSEC working group will restrict itself to the following short-term work items to improve the existing key management protocol (IKE) and IPSEC encapsulation protocols:
1. Changes to IKE to support NAT/Firewall traversal
2. Changes to IKE to support SCTP
3. New cipher documents to support AES-CBC, AES-MAC, SHA-2, and a fast AES mode suitable for use in hardware encryptors
4. IKE MIB documents
5. Sequence number extensions to ESP to support an expanded sequence number space.
6. Clarification and standardization of rekeying procedures in IKE.
The working group will also update IKE to clarify the specification and to reflect implementation experience, new requirements, and protocol analysis of the existing protocol. The requirements for IKE V2 will be revised and updated as the first step in this process.
Done | Post as an Internet-Draft the IP Security Protocol. | |
Done | Post as an Interenet-Draft the specification for Internet key management. | |
Done | Submit the Internet Key Management Protocol to the IESG for consideration as a Proposed Standard. | |
Done | Conduct initial interoperability testing of Encapsulating Security payload (ESP) and Authentication Header (AH). | |
Done | Submit revised Interent-Drafts for ESP, AH, and IP Security Architecture. | |
Done | Submit revised Internet-Drafts of IP Security Architecture, ESP, and AH to the IESG for consideration as Draft Standards. | |
Done | Submit Internet-Draft of the Internet Key Management Protocol (IKMP) based on ISAKMP/Oakley to the IESG for consideration as a Proposed Standard. | |
Done | Submit Internet-Draft of Internet Key Management Protocol to the IESG for consideration as a Proposed Standard. | |
Done | Internet Drafts on NAT and Firewall traversal, IKE MIBs, and requirements for IPsec and IKE for use with SCTP, to working group last call. | |
Done | Submit revised Internet-Drafts of NAT and Firewall traversal, IKE MIBs, and SCTP support for considerations as Draft Standards. | |
Done | Internet-Drafts on sequence number expansion in IKE, and IKE re-keying completed. | |
Done | Internet-Drafts on AES/SHA-2, sequence number expansion, and IKE re-keying to working group last call. | |
Done | Internet-Draft on IKE v2 Requirements to working group last call | |
Done | Internet-Drafts describing candidate IKE v2 approaches submitted to the working group. | |
Done | Submit revised Internet-Drafts on AES/SHA-2, sequence number expansion, and IKE rekeying for consideration as Draft Standards. | |
Done | Discuss and select the IKE v2 design from candidate approaches. | |
Done | Submit IKEv2 for consideration as Draft Standard | |
Nov 03 | Revised draft on IPsec Architecture to working group last call | |
Jan 04 | Submit revised draft on IPsec Architecture for consideration as Draft Standard |
RFC | Status | Title |
---|---|---|
RFC1829 | PS | The ESP DES-CBC Transform |
RFC1827 | PS | IP Encapsulating Security Payload (ESP) |
RFC1828 | PS | IP Authentication using Keyed MD5 |
RFC1826 | PS | IP Authentication Header |
RFC1825 | PS | Security Architecture for the Internet Protocol |
RFC2104 | I | HMAC: Keyed-Hashing for Message Authentication |
RFC2085 | PS | HMAC-MD5 IP Authentication with Replay Prevention |
RFC2401 | PS | Security Architecture for the Internet Protocol |
RFC2410 | PS | The NULL Encryption Algorithm and Its Use With IPsec |
RFC2411 | I | IP Security Document Roadmap |
RFC2402 | PS | IP Authentication Header |
RFC2412 | I | The OAKLEY Key Determination Protocol |
RFC2451 | PS | The ESP CBC-Mode Cipher Algorithms |
RFC2403 | PS | The Use of HMAC-MD5-96 within ESP and AH |
RFC2404 | PS | The Use of HMAC-SHA-1-96 within ESP and AH |
RFC2405 | PS | The ESP DES-CBC Cipher Algorithm With Explicit IV |
RFC2406 | PS | IP Encapsulating Security Payload (ESP) |
RFC2407 | PS | The Internet IP Security Domain of Interpretation for ISAKMP |
RFC2408 | PS | Internet Security Association and Key Management Protocol (ISAKMP) |
RFC2409 | PS | The Internet Key Exchange (IKE) |
RFC2857 | PS | The Use of HMAC-RIPEMD-160-96 within ESP and AH |
RFC3526 | PS | More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE) |
RFC3554 | PS | On the Use of Stream Control Transmission Protocol (SCTP) with IPsec |
RFC3566 | PS | The AES-XCBC-MAC-96 Algorithm and Its Use With IPsec |
RFC3602 | PS | The AES-CBC Cipher Algorithm and Its Use with IPsec |
RFC3664 | Standard | The AES-XCBC-PRF-128 algorithm for IKE |
RFC3686 | Standard | Using AES Counter Mode With IPsec ESP |