IP Security Maintenance and Extensions (IPsecME) WG.

IETF 110 - Monday March 8th, 2021 12:00-14:00 UTC

https://meetings.conf.meetecho.com/ietf110/?group=ipsecme&short=&item=1

Log from Jabber room / Meetecho chat

https://www.ietf.org/jabber/logs/ipsecme/2021-03-08.html

Agenda

Document Status

Chairs (5 min)

Lou Berger: minor comment (in jabber), slide should read draft-ietf, not draft-hopps

Tero: Correct, it's a bad cut-and-paste

ipsecme-labeled-ipsec

no change since IETF109, ready for last call?! - no concerns expressed at WG meeting. -> start WGLC

Work items

Group Key Management using IKEv2

Valery Smyslov (10 min)

Paul agrees to review this document.

IPTFS Base Draft WGLC Changes

Christian Hopps (10 min)

Comments from Valery about making this more generic. Much discussion about how/if to make this document more generic. Conclusion was that some edits will be proposed by Valery in the next 2 weeks, and then publish to IESG in either case.

Management (Yang adoption and update, new SNMP draft)

Donald Fedyk (10 min)

Yoav says that SDNIPSEC document from I2NSF is now at the IESG, and is no longer a moving target. Tero said no rush on YANG document, and will do an adoption call on SNMP draft. Also unfortunate that there isn't a tool to automatically derive MIB from YANG. -> WG Adoption for MIB document

New items

IKEv2 Configuration for Encrypted DNS

Valery Smyslov (5 min)

Discussion about whether or not the document goes into ADD territory, or whether or not IPSECME owns IKEv2 protocol bits. Section 3 should either be cut, or expanded to point at ADD documents.

New payload format for IKEv2

Valery Smyslov (15 min)

There was some interest in >64k payloads, and that CBOR might be a way there, but many felt that this was really a path towards IKEv3. There was skepticism that there are real IoT use cases/users of IKEv2.

IKEv1 graveyard

Paul Wouters (5 min)

Paul asks for ADOPTION or a clear signal of death. Tero says that the IKEv1 registries are already effectively closed. Discussion about why group1 and group22 aren't deprecated in this document, and the answer was that we have RFC 8247, etc. to do this. ACTION: an ADOPTION call will be started after this meeting.

BGP UPDATE for SDWAN Edge Discovery

Linda Dunbar (10 min)

no action, no time

X.509 extensions and alternative signature schemes in IKEv2

Leonie Bruckert (5 min)

Being discussed in LAMPS.

IKEv2 Optional SA & TS Payloads in Child Exchange

Paul Wouters (5 min)

discuss on list for adoption.

Multi-SA performance

Paul Wouters (5 min)

changes described.

AOB + Open Mic