# IP Security Maintenance and Extensions (IPsecME) WG. ## IETF 110 - Monday March 8th, 2021 12:00-14:00 UTC https://meetings.conf.meetecho.com/ietf110/?group=ipsecme&short=&item=1 ## Log from Jabber room / Meetecho chat https://www.ietf.org/jabber/logs/ipsecme/2021-03-08.html ## Agenda - Note Well, technical difficulties and agenda bashing - Chairs (5 min) - Document Status - Chairs (5 min) - Work items - Group Key Management using IKEv2 - Valery Smyslov (10 min) - IPTFS Base Draft WGLC Changes - Christian Hopps (10 min) - Management (Yang adoption and update, new SNMP draft) - Donald Fedyk (10 min) - New items - IKEv2 Configuration for Encrypted DNS - Valery Smyslov (5 min) - New payload format for IKEv2 - Valery Smyslov (15 min) - IKEv1 graveyard - Paul Wouters (5 min) - BGP UPDATE for SDWAN Edge Discovery - Linda Dunbar (10 min) - X.509 extensions and alternative signature schemes in IKEv2 - Leonie Bruckert (5 min) - IKEv2 Optional SA & TS Payloads in Child Exchange - Paul Wouters (5 min) - Multi-SA performance - Paul Wouters (5 min) - AOB + Open Mic ## Document Status *Chairs (5 min)* Lou Berger: minor comment (in jabber), slide should read draft-ietf, not draft-hopps Tero: Correct, it's a bad cut-and-paste ## ipsecme-labeled-ipsec no change since IETF109, ready for last call?! - no concerns expressed at WG meeting. -> start WGLC # Work items ## Group Key Management using IKEv2 *Valery Smyslov (10 min)* Paul agrees to review this document. ## IPTFS Base Draft WGLC Changes *Christian Hopps (10 min)* Comments from Valery about making this more generic. Much discussion about how/if to make this document more generic. Conclusion was that some edits will be proposed by Valery in the next 2 weeks, and then publish to IESG in either case. ## Management (Yang adoption and update, new SNMP draft) *Donald Fedyk (10 min)* Yoav says that SDNIPSEC document from I2NSF is now at the IESG, and is no longer a moving target. Tero said no rush on YANG document, and will do an adoption call on SNMP draft. Also unfortunate that there isn't a tool to automatically derive MIB from YANG. -> WG Adoption for MIB document # New items ## IKEv2 Configuration for Encrypted DNS *Valery Smyslov (5 min)* Discussion about whether or not the document goes to into ADD teritory, or whetner or not IPSECME owns IKEv2 protocol bits. Section 3, should either be cut, or expanded to point at ADD documents. ## New payload format for IKEv2 *Valery Smyslov (15 min)* There was some interest in >64k payloads, and that CBOR might be a way there, but many felt that this was really a path towards IKEv3. There was skepticism that there are real IoT use cases/users of IKEv2. ## IKEv1 graveyard *Paul Wouters (5 min)* Paul asks for ADOPTION or a clear signal of death. Tero says that the IKEv1 registries are already effectively closed. Discussion about why group1 and group22 aren't deprecated in this document, and the answer was that we have RFC8247,etc. to do this. ACTION: an ADOPTION call will be started after this meeting. ## BGP UPDATE for SDWAN Edge Discovery *Linda Dunbar (10 min)* no action, no time ## X.509 extensions and alternative signature schemes in IKEv2 *Leonie Bruckert (5 min)* Being discussed in LAMPS. ## IKEv2 Optional SA & TS Payloads in Child Exchange *Paul Wouters (5 min)* discuss on list for adoption. ## Multi-SA performance *Paul Wouters (5 min)* changes described. # AOB + Open Mic