IP Security Maintenance and Extensions
charter-ietf-ipsecme-13-01

The information below is for a proposed recharter. The current approved charter is version 13.
Document: Proposed charter, IP Security Maintenance and Extensions WG (ipsecme)
Title: IP Security Maintenance and Extensions
Last updated: 2025-01-09
State: Start Chartering/Rechartering (Internal Steering Group/IAB Review), Rechartering
WG State: Active
IESG Responsible AD: Deb Cooley
Charter edit AD: Deb Cooley
Telechat date: On agenda of 2025-01-23 IESG telechat. Has enough positions to pass.
Send notices to: ipsecme-chairs@tools.ietf.org

The IPsec suite of protocols includes IKEv2 (STD 79 and associated
RFCs), the IPsec security architecture (RFC 4301), AH (RFC 4302), and
ESP (RFC 4303). It also includes the now obsoleted IKEv1 (RFC 2409 and
associated RFCs). IPsec is widely deployed in VPN gateways, VPN remote
access, and as a substrate for host-to-host, host-to-network, and
network-to-network security.

The IPsec Maintenance and Extensions Working Group continues the work
of the earlier IPsec Working Group which was concluded in 2005. Its
purpose is to maintain the IPsec standard and to facilitate discussion
of clarifications, improvements, and extensions to IPsec, mostly to
ESP and IKEv2. The working group also serves as a focal point for
other IETF Working Groups that use IPsec in their own protocols.

The current work items include:

Post-quantum Cryptography (PQC) brings new authentication and key
establishment methods. The working group will develop support for
using PQC algorithms. The solution will allow post-quantum
authentication methods to be performed on their own or along with
the existing authentication methods. This work item may also
include solutions for transport issues caused by larger payload and
message sizes.

The cryptographic algorithm implementation requirements and usage
guidance documents for IKEv2, ESP, and AH were last updated in
2017. The working group will update these documents. This may also
include defining how to use additional algorithms for IPsec in separate
documents (for example, SHA-3 and PQC).

There is a need for tools that make it easier to debug IPsec configurations.
The working group will work on documents to help with that. One such tool could
be the esp-ping protocol.

The ESPv3 protocol was defined in 2005 and there may be a need to make
enhancements to it. The working group will analyze the possible problems
and work on solving them. This may include updating ESP, AH, and/or Wrapped
ESP (WESP) standards, or result in a new security protocol.

Proposed milestones

No milestones for charter found.