Proposed Agenda:

0. Agenda bashing and blue sheets - 5 min
1. Charter discussion - 30 min
   See proposed charter below
2. Problem statement presentation and discussion - 30 min
   See
3. Questions to the room about forming the Working Group - 20 min

=============

Proposed charter:

IPsec gateways maintaining SAs with a large number of remote access clients may take an unacceptably long time to recover from gateway or network failures if all the clients were to use a full IKEv2 exchange to re-establish the SAs. This is especially true if EAP is used for client authentication in IKEv2. This concern particularly applies to application servers such as Mobile IP Home Agents that use IPsec.

The SA re-establishment may be with the same gateway (server) from which the client gets disconnected or another gateway that is within the same secure domain as the original gateway. For the scope of this work, it is not assumed that the gateways in the secure domain share the same IP address or the same view of the network (connected to different DHCP servers etc.). Hence, failovers are not transparent to the client. The client may need to acquire a new IP address upon recovery. It is assumed that in this case, the original IKEv2 exchange used the Configuration Payload to acquire configuration information.

The scope of this work involves the specification of stateless and stateful modes of recovery - in the stateless mode, the state is maintained on the client and no state is maintained in the infrastructure except on the serving gateway; in the stateful mode, the state is maintained in the infrastructure, either on a backup gateway or in a state store.

The purpose of this working group is to define necessary payloads to support:

1) Negotiation of failover recovery capability
2) Server to client state transfer for stateless recovery
3) Client-gateway IKEv2 session resumption
4) IKEv2/IPsec state and corresponding format needed for recovery

Support for capabilities beyond those listed above is out of scope: more precisely, specification of a gateway to gateway state transport protocol, protocol or payload extensions or modifications to support load balancing between gateways is out of scope.

=============