IP Security Maintenance and Extensions
charter-ietf-ipsecme-09-00

Proposed Charter for "IP Security Maintenance and Extensions" (ipsecme) WG
Title: IP Security Maintenance and Extensions
WG State: Active
Charter State: Informal IESG review - (Rechartering)
Responsible AD: Kathleen Moriarty

Send notices to: "Yaron Sheffer" <yaronf@gmx.com>, "Paul E. Hoffman" <phoffman@proper.com>, ipsec@ietf.org
Last updated: 2014-10-31

Charter charter-ietf-ipsecme-09-00

The IPsec suite of protocols includes IKEv1 (RFC 2409 and associated RFCs),
IKEv2 (RFC 7296), and the IPsec security architecture (RFC 4301). IPsec is
widely deployed in VPN gateways, VPN remote access clients, and as a substrate
for host-to-host, host-to-network, and network-to-network security.

The IPsec Maintenance and Extensions Working Group continues the work of the
earlier IPsec Working Group, which was concluded in 2005. Its purpose is to
maintain the IPsec standard and to facilitate discussion of clarifications,
improvements, and extensions to IPsec, mostly to IKEv2. The working group also
serves as a focus point for other IETF Working Groups that use IPsec in their own
protocols.

The current work items include:

IKEv2 contains a cookie mechanism to protect against denial of service
attacks. However, this mechanism cannot protect an IKE end-point (typically, a
large gateway) from "distributed denial of service", a coordinated attack by a
large number of "bots". The working group will analyze the problem and propose a
solution, by offering best practices and potentially by extending the protocol.

There is interest in adapting the IKE protocol for opportunistic use cases, by
allowing one or both endpoints of the exchange to remain unauthenticated. The
group will extend the protocol to support these use cases. The solution should
be in line with current best practices, including channel binding and possible
formal protocol security proofs.

This charter will expire in December 2015 (a year from approval). If the charter
is not updated before that time, the WG will be closed and any remaining
documents will revert to individual Internet-Drafts.

Proposed Milestones

Done      IETF Last Call on large scale VPN use cases and requirements
Done      IETF last call on IKE fragmentation solution
Done      IETF last call on new mandatory-to-implement algorithms
Aug 2015  IETF Last Call on DDoS protection
Dec 2015  IETF Last Call on null authentication