IKEv2-Derived Shared Secret Key for the One-Way Active Measurement Protocol (OWAMP) and Two-Way Active Measurement Protocol (TWAMP)

Approval announcement
Draft of message to be sent after approval:

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: RFC Editor <rfc-editor@rfc-editor.org>,
    ippm mailing list <ippm@ietf.org>,
    ippm chair <ippm-chairs@ietf.org>
Subject: Protocol Action: 'IKEv2-derived Shared Secret Key for O/TWAMP' to Proposed Standard (draft-ietf-ippm-ipsec-11.txt)

The IESG has approved the following document:
- 'IKEv2-derived Shared Secret Key for O/TWAMP'
  (draft-ietf-ippm-ipsec-11.txt) as Proposed Standard

This document is the product of the IP Performance Metrics Working Group.

The IESG contact persons are Spencer Dawkins and Martin Stiemerling.

A URL of this Internet Draft is:

Technical Summary

   The One-Way Active Measurement Protocol (OWAMP) and Two-Way Active
   Measurement Protocol (TWAMP) security mechanisms require that both the
   client and server endpoints possess a shared secret.  Since the
   currently-standardized O/TWAMP security mechanism only supports a
   pre-shared key mode, large scale deployment of O/TWAMP is hindered
   significantly.  At the same time, recent trends point to wider
   Internet Key Exchange Protocol Version 2 (IKEv2) deployment which, in
   turn, calls for mechanisms and methods that enable tunnel end-users,
   as well as operators, to measure one-way and two-way network
   performance in a standardized manner.  This document describes the
   use of keys derived from an IKEv2 security association (SA) as the
   shared key in O/TWAMP.  If the shared key can be derived from the
   IKEv2 SA, O/TWAMP can support certificate-based key exchange, which
   would allow for more operational flexibility and efficiency.  The key
   derivation presented in this document can also facilitate automatic
   key management.

Working Group Summary

    The document was discussed extensively within the IPPM WG,
    and has gone through two WGLCs. There was no significant 
    controversy during the discussion of the document -- the main 
    points of discussion had to do with the details of how to implement 
    the binding between O/TWAMP and IPsec and whether the packet 
    format used needed to be backward-compatible with non-IPsec 
    O/TWAMP. The document has consensus to go forward.

Document Quality

    As the document "glues" O/TWAMP to IPsec, it required review 
    from both communities. The document has had less comment
    from the IPsec WG than from the IPPM WG, but comments from 
    IPsec were addressed.


    Brian Trammell is the document shepherd. 
    Spencer Dawkins is the responsible AD.