datatracker.ietf.org
Sign in
Version 5.12.0.p2, 2015-03-02
Report a bug

IP Security Maintenance and Extensions
charter-ietf-ipsecme-10

WG Review Announcement

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: ipsecme WG <ipsec@ietf.org> 
Subject: WG Review: IP Security Maintenance and Extensions (ipsecme)

The IP Security Maintenance and Extensions (ipsecme) working group in the
Security Area of the IETF is undergoing rechartering. The IESG has not
made any determination yet. The following draft charter was submitted,
and is provided for informational purposes only. Please send your
comments to the IESG mailing list (iesg at ietf.org) by 2015-01-07.

IP Security Maintenance and Extensions (ipsecme)
------------------------------------------------
Current Status: Active WG

Chairs:
  Paul Hoffman <paul.hoffman@vpnc.org>
  Yaron Sheffer <yaronf.ietf@gmail.com>

Assigned Area Director:
  Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>

Mailing list
  Address: ipsec@ietf.org
  To Subscribe: https://www.ietf.org/mailman/listinfo/ipsec
  Archive: http://www.ietf.org/mail-archive/web/ipsec/

Charter:

 The IPsec suite of protocols includes IKEv1 (RFC 2409 and associated
RFCs), IKEv2 (RFC 7296), and the IPsec security architecture (RFC 4301).
IPsec is widely deployed in VPN gateways, VPN remote access clients, and
as a substrate for host-to-host, host-to-network, and network-to-network
security.

The IPsec Maintenance and Extensions Working Group continues the work of
the earlier IPsec Working Group which was concluded in 2005. Its purpose
is to maintain the IPsec standard and to facilitate discussion of
clarifications, improvements, and extensions to IPsec, mostly to IKEv2.
The working group also serves as a focus point for other IETF Working
Groups who use IPsec in their own protocols.

The current work items include:

IKEv2 contains the cookie mechanism to protect against denial of service
attacks. However this mechanism cannot protect an IKE end-point
(typically, a large gateway) from "distributed denial of service", a
coordinated attack by a large number of "bots". The working group will
analyze the problem and propose a solution, by offering best practices
and potentially by extending the protocol.

There is interest in adapting the IKE protocol for opportunistic use
cases, by allowing one or both endpoints of the exchange to remain
unauthenticated. The group will extend the protocol to support these use
cases. 

This charter will expire in December 2015 (a year from approval). If the
charter is not updated before that time, the WG will be closed and any
remaining documents revert back to individual Internet-Drafts.


Milestones:
  Done     - IETF Last Call on large scale VPN use cases and requirements
  Done     - IETF last call on IKE fragmentation solution
  Done     - IETF last call on new mandatory-to-implement algorithms
  Aug 2015 - IETF Last Call on DDoS protection
  Dec 2015 - IETF Last Call on null authentication



WG Action Announcement

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: ipsecme WG <ipsec@ietf.org> 
Subject: WG Action: Rechartered IP Security Maintenance and Extensions (ipsecme)

The IP Security Maintenance and Extensions (ipsecme) working group in the
Security Area of the IETF has been rechartered. For additional
information please contact the Area Directors or the WG Chairs.

IP Security Maintenance and Extensions (ipsecme)
------------------------------------------------
Current Status: Active WG

Chairs:
  Paul Hoffman <paul.hoffman@vpnc.org>
  Yaron Sheffer <yaronf.ietf@gmail.com>

Assigned Area Director:
  Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>

Mailing list
  Address: ipsec@ietf.org
  To Subscribe: https://www.ietf.org/mailman/listinfo/ipsec
  Archive: http://www.ietf.org/mail-archive/web/ipsec/

Charter:

 The IPsec suite of protocols includes IKEv1 (RFC 2409 and associated
RFCs), IKEv2 (RFC 7296), and the IPsec security architecture (RFC 4301).
IPsec is widely deployed in VPN gateways, VPN remote access clients, and
as a substrate for host-to-host, host-to-network, and network-to-network
security.

The IPsec Maintenance and Extensions Working Group continues the work of
the earlier IPsec Working Group which was concluded in 2005. Its purpose
is to maintain the IPsec standard and to facilitate discussion of
clarifications, improvements, and extensions to IPsec, mostly to IKEv2.
The working group also serves as a focus point for other IETF Working
Groups who use IPsec in their own protocols.

The current work items include:

IKEv2 contains the cookie mechanism to protect against denial of service
attacks. However this mechanism cannot protect an IKE end-point
(typically, a large gateway) from "distributed denial of service", a
coordinated attack by a large number of "bots". The working group will
analyze the problem and propose a solution, by offering best practices
and potentially by extending the protocol.

There is interest in adapting the IKE protocol for opportunistic use
cases, by allowing one or both endpoints of the exchange to remain
unauthenticated. The group will extend the protocol to support these use
cases. 

This charter will expire in December 2015 (a year from approval). If the
charter is not updated before that time, the WG will be closed and any
remaining documents revert back to individual Internet-Drafts.


Milestones:
  Done     - IETF Last Call on large scale VPN use cases and requirements
  Done     - IETF last call on IKE fragmentation solution
  Done     - IETF last call on new mandatory-to-implement algorithms
  Aug 2015 - IETF Last Call on DDoS protection
  Dec 2015 - IETF Last Call on null authentication



Ballot Announcement