IP Security Maintenance and Extensions (ipsecme)

Group history

Date By Action
2024-03-19 Tero Kivinen
Internet Key Exchange Protocol Version 2 (IKEv2) Configuration for Encrypted DNS was published as RFC.

Announcing Supported Authentication Methods in IKEv2 document is in IETF LC. IKEv2 support for per-resource Child SAs is now in the publication requested state.  Group Key Management is waiting for chairs and others to review and for shepherd writeup.

Alternative Approach for Mixing Preshared Keys in IKEv2 for Post-quantum Security, ESP Header Compression Profile, and IKEv2 2 extension for the ESP Header Compression (EHC) were adopted as WG drafts.

DSCP handling, mtu detection are waiting for confirmation from area director that they fit charter, before adoption calls.

IKEv2 Optional SA&TS Payloads in Child Exchange needs bit more implementation experience before it is ready for WGLC.
2024-02-23 Liz Flynn sent scheduled notification for IETF-119
2023-11-09 Tero Kivinen
Labeled IPsec document was published as RFC. IKEv2 Configuration for Encrypted DNS is now in the RFC editor queue.

Group Key Management is waiting for chairs and others to review and for shepherd writeup.

Announcing Supported Authentication Methods in IKEv2 document is now in the publication requested state. 

Multi SA performance is now in working group last call, and there is long list of documents waiting for adoption call to the WG (will need to talk with area director, whether they are ok by the current charter).  Those include DSCP handling, mtu detection, diet-esp using static context header compression, revised cookie processing in the IKEv2 Protocol, and alternative approach for mixing preshared keys in IKEv2 for post-quantum security.
2023-11-09 Tero Kivinen
Labeled IPsec document was published as RFC. IKEv2 Configuration for Encrypted DNS is now in the RFC editor queue.

Group Key Management is waiting for chairs and others to review and for shepherd writeup.

Announcing Supported Authentication Methods in IKEv2 document is now in the publication requested state. 

The Optional SA & TS Payload in Child Exchange, and multi sa performance are getting ready for the WGLC.

Multi SA performance is now in working group last call, and there is long list of documents waiting for adoption call to the WG (will need to talk with area director, whether they are ok by the current charter).  Those include DSCP handling, mtu detection, diet-esp using static context header compression, revised cookie processing in the IKEv2 Protocol, and alternative approach for mixing preshared keys in IKEv2 for post-quantum security.
2023-10-13 Liz Flynn sent scheduled notification for IETF-118
2023-07-26 Tero Kivinen
Multiple ke and deprecation of IKEv1 and obsolete algorithms documents were published as RFC. Labeled IPsec, and IKEv2 Configuration for Encrypted DNS are now in the RFC editor queue.

Group Key Management is waiting for chairs to read it through and do shepherd writeup.

Announcing Supported Authentication Methods in IKEv2 document was revised to fix issues found in WGLC, but there has not been any activity since.

The Optional SA & TS Payload in Child Exchange, and multi sa performance are getting ready for the WGLC.

There are several new ideas for the work items to be adopted presented in the IETF 117 meeting, and WG adoption calls will be made for them later. Those include DSCP handling, mtu detection, diet-esp using static context header compression, anti replay subspaces, ikev2 with reliable transport, and multiple sequence counters.

Quite a lot of charter items have been finished, so we should start working on to do rechartering, and clear out old things already finished, and add some new work to the charter.
2023-06-30 Liz Flynn sent scheduled notification for IETF-117
2023-05-16 Roman Danyliw Changed milestone "G-DOI for IKEv2 to IESG", added draft-ietf-ipsecme-g-ikev2 to milestone, removed draft-yeung-g-ikev2 from milestone
2023-03-29 Tero Kivinen
IPTFS (base draft, and yang and mib drafts), TCP Encapsulation (rfc8229bis) were published as RFC. Multiple ke is in the IESG evaluation, and deprecation of IKEv1 and obsolete algorithms drafts are now in RFC editor queue. Labeled IPsec is in the IETF Last call, and IKEv2 Configuration for Encrypted DNS is waiting for AD followup.

Group Key Management still would benefit from more reviews, we got one partial one, and few people have promised to do reviews. Submit the draft for early directorate review to get more reviews for it, and then submit it for publication.

Announcing Supported Authentication Methods in IKEv2 got some comments, and needs a new revision. After that is done it is ready for 2nd WGLC.

The Optional SA & TS Payload in Child Exchange, and multi sa performance are adopted as WG drafts, and there has been some implementation testing of the first one, which has resulted in several new questions and change requests to the draft.

There has been some interest on the alternate approach for mixing preshared keys in ikev2 for post-quantum security, and a WG adoption call will be done after the open issues of the draft are solved, and new version is posted.

Quite a lot of charter items have been finished, so we should start working on to do rechartering, and clear out old things already finished, and add some new work to the charter.
2023-03-29 Tero Kivinen
IPTFS (base draft, and yang and mib drafts), TCP Encapsulation (rfc8229bis) were published as RFC. Multiple ke is in the IESG evaluation, and deprecation of IKEv1 and obsolete algorithms drafts are now in RFC editor queue. Labeled IPsec is in the IETF Last call, and IKEv2 Configuration for Encrypted DNS is waiting for AD followup.

Group Key Management still would benefit from more reviews, we got one partial one, and few people have promised to do reviews. Submit the draft for early directorate review to get more reviews for it, and then submit it for publication.

Announcing Supported Authentication Methods in IKEv2 got some comments, and needs a new revision. After that is done it is ready for 2nd WGLC.

The Optional SA & TS Payload in Child Exchange, and multi sa performance are adopted as WG drafts, and there has been some implementation testing of the first one, which has resulted in several new questions and change requests to the draft.

Quite a lot of charter items have been finished, so we should start working on to do rechartering, and clear out old things already finished, and add some new work to the charter.
2023-03-03 Liz Flynn sent scheduled notification for IETF-116
2023-02-16 Liz Flynn
2023-02-09 Tero Kivinen Changed milestone "The security labels support for IKEv2 to IESG", resolved as "Done"
2022-11-09 Tero Kivinen
IPTFS (base draft, and yang and mib drafts), TCP Encapsulation (rfc8229bis) are in the RFC editor queue. Multiple ke is in the IESG evaluation, and deprecation of IKEv1 and obsolete algorithms drafts is in IETF Last call. Labeled IPsec, and IKEv2 Configuration for Encrypted DNS are ready for publication and are waiting for shepherd writeup.

Group Key Management still would benefit from more reviews, but we might go forward with anyways. Announcing Supported Authentication Methods in IKEv2 is now in the WGLC.

The Optional SA & TS Payload in Child Exchange, and multi sa performance are now in the WG adoption calls.

Quite a lot of charter items have been finished, so we should start working on to do rechartering, and clear out old things already finished, and add some new work to the charter. Most likely try to work on charter update in November IETF meeting and do rechartering after that.
2022-10-14 Liz Flynn sent scheduled notification for IETF-115
2022-07-25 Tero Kivinen
Intermediate draft published as RFC 9242. Publication has been requested for IPTFS (base draft, and yang and mib drafts), TCP Encapsulation (rfc8229bis), multiple ke, and deprecation of IKEv1 and obsolete algorithms drafts. Labeled IPsec is ready for publication and will be submitted to the IESG immediately after this IETF.

Group Key Management still would benefit from more reviews, but we might go forward with anyways. IKEv2 configuration for Encrypted DNS should be ready for WGLC, but Announcing Supported Authentication Methods in IKEv2 needs more reviews before that.

The Optional SA & TS Payload in Child Exchange, and multi sa performance should be ready for WG adoption calls.

Quite a lot of charter items have been finished, so we should start working on to do rechartering, and clear out old things already finished, and add some new work to the charter. Most likely try to work on charter update in November IETF meeting and do rechartering after that.
2022-07-01 Liz Flynn sent scheduled notification for IETF-114
2022-06-21 Tero Kivinen Changed milestone "TCP-encapsulation guidelines document to IESG", resolved as "Done"
2022-06-21 Tero Kivinen Changed milestone "Postquantum cryptography document for IKEv2 to IESG", resolved as "Done"
2022-05-06 Jenny Bui Resources changed to tracker https://trac.ietf.org/trac/ipsecme/report/1 (Issue tracker), wiki https://trac.ietf.org/trac/ipsecme/wiki (Wiki), zulip https://zulip.ietf.org/#narrow/stream/237-ipsecme (Zulip stream) from tracker https://trac.ietf.org/trac/ipsecme/report/1 (Issue tracker), wiki https://trac.ietf.org/trac/ipsecme/wiki (Wiki)
2022-03-23 Amy K. Vezza Area Director changed to Roman Danyliw from Benjamin Kaduk
2022-03-23 Tero Kivinen
Intermediate draft is now approved by the IESG and is now in the RFC Editor queue. Publication has been requested for IPTFS drafts (base draft, and yang and mib drafts), and the TCP Encapsulation (rfc8229bis) draft. Labeled IPsec and Deprecation of IKEv1 and obsoleted algorithms drafts are ready for publication and will be submitted to the IESG immediately after this IETF. Multiple Key Exchanges draft should also be ready for publication.

Group Key Management using IKEv2 has received some reviews during the WGLC, and should be ready for publication now. IKEv2 configuration for Encrypted DNS and Announcing Supported Authentication Methods in IKEv2 drafts are adopted as WG drafts.

There has been some work on the Optional SA & TS Payload in Child Exchange, and it might be ready to be adopted as WG draft.

There has not been that much happening with other new work, like modifying the base IKEv2 payload format, both to make it more compact for constrained devices, and allow it to go over 64kB payload limit.
2022-03-11 Tero Kivinen Changed milestone "The security labels support for IKEv2 to IESG", set due date to July 2022 from August 2020
2022-03-11 Tero Kivinen Changed milestone "G-DOI for IKEv2 to IESG", set due date to July 2022 from May 2020
2022-03-11 Tero Kivinen Changed milestone "TCP-encapsulation guidelines document to IESG", set due date to May 2022 from August 2020, added draft-ietf-ipsecme-rfc8229bis to milestone, removed draft-smyslov-ipsecme-tcp-guidelines from milestone
2022-03-11 Tero Kivinen
Changed milestone "Postquantum cryptography document for IKEv2 to IESG", set due date to April 2022 from May 2020, added draft-ietf-ipsecme-ikev2-intermediate, draft-ietf-ipsecme-ikev2-multiple-ke to milestone, removed draft-tjhai-ipsecme-hybrid-qske-ikev2 from milestone
2022-03-11 Tero Kivinen Changed milestone "Traffic Flow Confidentiality document to IESG", resolved as "Done"
2022-03-11 Tero Kivinen Changed milestone "The internal address failure indication in IKEv2 to IESG", resolved as "Done"
2022-02-25 Liz Flynn sent scheduled notification for IETF-113
2021-11-08 Tero Kivinen
Publication has been requested for Intermediate draft. Base IPTFS draft had long discussion during the IETF 112 WG session and the final issues on it were resolved, so now the IPTFS drafts (base, yang and mib) should be ready for publication. Multiple Key Exchanges draft should also be ready for publication. Labeled IPsec and Deprecation of IKEv1 and obsoleted algorithms drafts are past WGLC and are getting ready for publication soon.

Group Key Management using IKEv2 did not get any reviews yet, but is now in the WGLC to get more reviews. RFC8229bis has been adopted as working group draft, but there has not been that much discussion about it yet. IKEv2 configuration for Encrypted DNS and Announcing Supported Authentication Methods in IKEv2 drafts are now in the progress of being adopted to the WG.

There has not been that much happening with other new work, like Optional SA & TS Payload in Child Exchange, modifying the base IKEv2 payload format, both to make it more compact for constrained devices, and allow it to go over 64kB payload limit.
2021-10-15 Liz Flynn sent scheduled notification for IETF-112
2021-07-02 Liz Flynn sent scheduled notification for IETF-111
2021-03-10 Tero Kivinen
IPv6 and IPv4 status codes draft was published as RFC8983. Intermediate and iptfs drafts are past WGLC. Labeled IPsec and Multiple Key Exchanges drafts are going to start WGLC soon. Group Key Management using IKEv2 would need to get few more reviews before WGLC.

Iptfs Yang model draft and RFC8229bis have been adopted as working group drafts. Iptfs MIB and IKEv1 graveyard drafts are currently in the process of being adopted as working group drafts.

New work includes IKEv2 configuration for Encrypted DNS, Optional SA & TS Payload in Child Exchange. There has also been some discussion about modifying the base IKEv2 payload format, both to make it more compact for constrained devices, and allow it to go over 64kB payload limit.
2021-03-10 Tero Kivinen
IPv6 and IPv4 status codes draft was published as RFC8983. Intermediate and iptfs drafts are past WGLC. Labeled IPsec and Multiple Key Exchanges drafts are going to start WGLC soon. Group Key Management using IKEv2 would need to get few more reviews before WGLC.

Iptfs Yang model draft and RFC8229bis have been adopted as working group drafts. Iptfs MIB and IKEv1 graveyard drafts are currently in the process of being adopted as working group drafts.

New work includes IKEv2 configuration for Encrypted DNS, Optional SA & TS Payload in Child Exchange. There has also been some discussion about modifying the base IKEv2 payload format, both to make it more compact for constrained devices, and allow it to go over 64kB payload limit.
There was one item that most likely will require rechartering, i.e., the IKEv2 configuration for Encrypted DNS.
2021-02-12 Liz Flynn sent scheduled notification for IETF-110
2020-11-18 Tero Kivinen
IPv6 and IPv4 status codes draft is in the IETF LC, Intermediate should be ready for WGLC.

Work on the traffic flow security is ongoing, and it is getting ready. Still waiting for the transport area early review. Labeled IPsec should be getting ready for WGLC too.

RFC8229bis and auth announce are waiting for working group adoption calls.

There was some new work proposed, one for how to go beyond 64kB limit of IKEv2 payloads. This item was considered to be part of the charter as being part of the post quantum changes. Then there were two minor maintenance items, one about how to revise the cookie processing to fix some corner cases, and another to mark some things as deprecated.

There was one item that most likely will require rechartering, i.e., the IKEv2 configuration for Encrypted DNS.
2020-10-23 Liz Flynn sent scheduled notification for IETF-109
2020-07-28 Tero Kivinen
Implicit IV was published as RFC8750, and Mixing Preshared Keys in the IKEv2 for Post-quantum Security was published as RFC8784. Publication requested has been issued for IPv6 and IPv4 status codes.

For the existing work items, the IKEv2 intermediate is ready for WGLC, and Multiple KE should also be ready for WGLC. The G-IKEv2 draft had major rewrite to make it more in line with IKEv2. The IP traffic flow security draft is getting ready for early transport area review, and it is starting the process of getting protocol number to be allocated for it. Labeled IPsec is mostly waiting to get some implementation experience, there are implementations in the process of being developed.

IKE1 IPsec graveyard draft is not yet adopted, and needs for authors to agree with ADs what to do with it, i.e., whether it will be WG item, or AD sponsored document.

Clarifications and Implementation guidelines for using TCP encapsulation in IKEv2 has been changed to be RFC8229bis instead of separate clarification document, and is now getting ready for WG adoption. There is new draft for the Announcing Supported Authentication Methods in IKEv2 charter item, which might be adopted as WG item after people have had time to review it.
2020-07-02 Liz Flynn sent scheduled notification for IETF-108
2020-02-28 Liz Flynn sent scheduled notification for IETF-107
2020-01-10 Cindy Morgan Deleted milestone "Postquantum cryptography document for IKEv2 to IESG", not present in approved charter
2020-01-10 Cindy Morgan Deleted milestone "Signature algorithm negotiation for IKEv2 to IESG", not present in approved charter
2020-01-10 Cindy Morgan Deleted milestone "The security labels support for IKEv2 to IESG", not present in approved charter
2020-01-10 Cindy Morgan Deleted milestone "G-DOI for IKEv2 to IESG", not present in approved charter
2020-01-10 Cindy Morgan Deleted milestone "The ESP on contrained network to IESG", not present in approved charter
2020-01-10 Cindy Morgan Deleted milestone "The internal address failure indication in IKEv2 to IESG", not present in approved charter
2020-01-10 Cindy Morgan Deleted milestone "IETF Last Call on partially quantum resistant IKEv2", not present in approved charter
2020-01-10 Cindy Morgan Deleted milestone "IETF Last Call on Implicit IV in IPsec", not present in approved charter
2020-01-10 Cindy Morgan Deleted milestone "IETF Last Call on Split-DNS Configuration for IKEv2", not present in approved charter
2020-01-10 Cindy Morgan Added milestone "Signature algorithm negotiation for IKEv2 to IESG", due 2021-06-30, from approved charter
2020-01-10 Cindy Morgan Added milestone "The ESP on contrained network to IESG", due 2021-06-30, from approved charter
2020-01-10 Cindy Morgan Added milestone "Traffic Flow Confidentiality document to IESG", due 2020-11-30, from approved charter
2020-01-10 Cindy Morgan Added milestone "TCP-encapsulation guidelines document to IESG", due 2020-08-31, from approved charter
2020-01-10 Cindy Morgan Added milestone "The security labels support for IKEv2 to IESG", due 2020-08-31, from approved charter
2020-01-10 Cindy Morgan Added milestone "Postquantum cryptography document for IKEv2 to IESG", due 2020-05-31, from approved charter
2020-01-10 Cindy Morgan Added milestone "G-DOI for IKEv2 to IESG", due 2020-05-31, from approved charter
2020-01-10 Cindy Morgan Added milestone "The internal address failure indication in IKEv2 to IESG", due 2019-12-31, from approved charter
2019-11-20 Benjamin Kaduk Chairs changed to Tero Kivinen, Yoav Nir from David Waltermire, Tero Kivinen
2019-11-19 Tero Kivinen
Split DNS was published as RFC8598. Implicit IV is now in the RFC editor queue. Publication requested has been issued for Quantum resistance draft. We have finished last call for IPv6 and IPv4 status codes, and it should be ready for publication now.

For the existing work items, the IKEv2 intermediate should be ready for WGLC soon, and the labeled IPsec has had some back and forth design choices.

We have adopted hybrid QSKE, and G-DOI IKev2 drafts, and we also already adopted IP traffic flow security draft, even when it is waiting for charter update.

IKE1 IPsec graveyard draft is not yet adopted, but should be ready for adoption call, after it is updated to include instructions for IANA to mark all IKEv1 related registries as closed.

Clarifications and Implementation guidelines for using TCP encapsulation in IKEv2 is waiting for the charter update before it is adopted as WG document.

2019-11-19 Tero Kivinen
Split DNS was published as RFC8598. Implicit IV is now in the RFC editor queue. Publication requested has been issued for Quantum resistance draft. We have finished last call for IPv6 and IPv4 status codes, and it should be ready for publication now.

For the existing work items, the IKEv2 intermediate should be ready for WGLC soon, and the labeled ipsec has had some back and forth design choices.

We have adopted hybrid QSKE, and G-DOI IKev2 drafts, and we also already adopted IP traffic flow security draft, even when it is waiting for charter update.

IKE1 IPsec graveyard draft is not yet adopted, but should be ready for adoption call, after it is updated to include instructions for IANA to mark all IKEv1 related registries as closed.

Clarifications and Implementation guidelines for using TCP encapsulation in IKEv2 is waiting for the charter update before it is adopted as WG document.

2019-10-25 Liz Flynn sent scheduled notification for IETF-106
2019-07-23 Tero Kivinen
Split DNS was published as RFC8598. Implicit IV and Quantum resistance are still in the Publication Requested state.

IPv6 and IPv4 status codes is ready for WG LC, same should be true for IKEv2 intermediate and Labeled IPsec

The hybrid qske draft already has some implementation experience, and should be adopted as WG draft very soon.

G-DOI IKEv2 work will hopefully start going forward again as there are some external organizations which would like to refer to it, and it should be ready for WG Adoption call. The Post-quantum Key Exchanges for IKEv2 should also be ready for WG Adoption call.

We also have new draft about the optimizing rekeying case by omitting SA and TS payload. This is covered by the charter item to optimize IKEv2 for constrained devices, and might receive WG Adoption call quite soon.
2019-07-21 Tero Kivinen Changed milestone "IETF Last Call on partially quantum resistant IKEv2", resolved as "Done", added draft-ietf-ipsecme-qr-ikev2 to milestone
2019-07-21 Tero Kivinen Changed milestone "IETF Last Call on Implicit IV in IPsec", resolved as "Done", added draft-ietf-ipsecme-implicit-iv to milestone
2019-07-21 Tero Kivinen Changed milestone "IETF Last Call on Split-DNS Configuration for IKEv2", added draft-ietf-ipsecme-split-dns to milestone
2019-06-28 Liz Flynn sent scheduled notification for IETF-105
2019-03-28 Tero Kivinen Changed milestone "The security labels support for IKEv2 to IESG", added draft-ietf-ipsecme-labeled-ipsec to milestone
2019-03-28 Tero Kivinen Changed milestone "The internal address failure indication in IKEv2 to IESG", added draft-ietf-ipsecme-ipv6-ipv4-codes to milestone
2019-03-28 Tero Kivinen
EdDSA has been published as RFC8420, Split DNS finally managed to get approved by the IESG, and is now in the RFC editor queue. Publication requested has been issued for Implicit IV. Quantum resistance should be ready for IETF last call.

About the new chartered items the ipv6 and ipv4 status codes is progressing nicely, and should be ready for WGLC soon. The labeled IPsec and Intermediate Exchange drafts were adopted as WG documents. The hybrid qske draft already has some implementation experience, and should be adopted as WG draft very soon.

G-DOI IKEv2 work will hopefully start going forward again as there are some external organizations which would like to refer to it. Diet ESP work is still work in progress. We also have one new draft to clean up some entries from the IANA registries, and to make statement that IKEv1 is really deprecated.
2019-03-27 Cindy Morgan Shepherding AD changed to Benjamin Kaduk from
2019-03-27 Tero Kivinen Changed milestone "IETF Last Call on Split-DNS Configuration for IKEv2", resolved as "Done"
2019-03-01 Liz Flynn sent scheduled notification for IETF-104
2018-11-07 Tero Kivinen
EdDSA is in the RFC editor queue, Publication requested has been issued for Split DNS, and now the AD comments should be resolved. Implicit IV is past WGLC, and should be ready for publication really soon now (waiting for writeup). Quantum resistance is currently in WGLC. Rechartering is now in the IESG and should be finished soon.

We have already started working on some of the new items in new charter, i.e., ESP compression, Post-quantum key exchanges (including making IKE_AUX exchange to allow transporting large objects before IKE_AUTH exchange) etc.
2018-10-19 Liz Flynn sent scheduled notification for IETF-103
2018-09-17 Amy K. Vezza Deleted milestone "IETF Last Call on partially quantum resistant IKEv2", not present in approved charter
2018-09-17 Amy K. Vezza Deleted milestone "IETF Last Call on Implicit IV in IPsec", not present in approved charter
2018-09-17 Amy K. Vezza Deleted milestone "IETF Last Call on Split-DNS Configuration for IKEv2", not present in approved charter
2018-09-17 Amy K. Vezza Deleted milestone "IETF Last Call on Using EdDSA in the IKEv2", not present in approved charter
2018-09-17 Amy K. Vezza Deleted milestone "IETF Last Call on TCP Encapsulation of IKE and IPsec", not present in approved charter
2018-09-17 Amy K. Vezza Deleted milestone "IETF Last Call on cryptographic algorithms for ESP / AH", not present in approved charter
2018-09-17 Amy K. Vezza Deleted milestone "IETF Last Call on cryptographic algorithms for IKEv2", not present in approved charter
2018-09-17 Amy K. Vezza Deleted milestone "IETF Last Call on Curve25519 and Curve448 for IKEv2", not present in approved charter
2018-09-17 Amy K. Vezza Deleted milestone "IETF Last Call on DDoS protection", not present in approved charter
2018-09-17 Amy K. Vezza Changed milestone "Postquantum cryptography document for IKEv2 to IESG", set state to active from review
2018-09-17 Amy K. Vezza Changed milestone "Signature algorithm negotiation for IKEv2 to IESG", set state to active from review
2018-09-17 Amy K. Vezza Changed milestone "The security labels support for IKEv2 to IESG", set state to active from review
2018-09-17 Amy K. Vezza Changed milestone "G-DOI for IKEv2 to IESG", set state to active from review
2018-09-17 Amy K. Vezza Changed milestone "The ESP on contrained network to IESG", set state to active from review
2018-09-17 Amy K. Vezza Changed milestone "The internal address failure indication in IKEv2 to IESG", set state to active from review
2018-09-17 Amy K. Vezza Added milestone "IETF Last Call on partially quantum resistant IKEv2", due 2018-05-31, from approved charter
2018-09-17 Amy K. Vezza Added milestone "IETF Last Call on Implicit IV in IPsec", due 2018-04-30, from approved charter
2018-09-17 Amy K. Vezza Added milestone "IETF Last Call on Split-DNS Configuration for IKEv2", due 2018-04-30, from approved charter
2018-07-18 Tero Kivinen
EdDSA is in the RFC editor queue, Publication requested has been issued for Split DNS, and now the AD comments should be resolved. Implicit IV is past WGLC, and should be ready for publication really soon now (waiting for writeup). Quantum resistance is currently in WGLC. Rechartering is now in the IESG and should be finished soon.

We have already started working on some of the new items in new charter, i.e., ESP compression, Post-quantum key exchanges (including making IKE_AUX exchange to allow transporting large objects before IKE_AUTH exchange) etc.
2018-07-03 Liz Flynn sent scheduled notification for IETF-102
2018-05-29 Tero Kivinen Changed milestone "IETF Last Call on partially quantum resistant IKEv2", set due date to August 2018 from May 2018
2018-05-29 Tero Kivinen Changed milestone "IETF Last Call on Implicit IV in IPsec", set due date to June 2018 from April 2018
2018-05-29 Tero Kivinen Changed milestone "IETF Last Call on Split-DNS Configuration for IKEv2", set due date to June 2018 from April 2018
2018-04-03 Tero Kivinen Added milestone "Postquantum cryptography document for IKEv2 to IESG" for review, due May 2019
2018-04-03 Tero Kivinen Added milestone "Signature algorithm negotiation for IKEv2 to IESG" for review, due March 2019
2018-04-03 Tero Kivinen Added milestone "The security labels support for IKEv2 to IESG" for review, due January 2019
2018-04-03 Tero Kivinen Added milestone "G-DOI for IKEv2 to IESG" for review, due December 2018
2018-04-03 Tero Kivinen Added milestone "The ESP on contrained network to IESG" for review, due December 2018
2018-04-03 Tero Kivinen Added milestone "The internal address failure indication in IKEv2 to IESG" for review, due October 2018
2018-04-03 Tero Kivinen Changed milestone "IETF Last Call on partially quantum resistant IKEv2", set due date to May 2018 from June 2017, added draft-ietf-ipsecme-qr-ikev2 to milestone
2018-04-03 Tero Kivinen Changed milestone "IETF Last Call on Implicit IV in IPsec", set due date to April 2018 from February 2017
2018-04-03 Tero Kivinen Changed milestone "IETF Last Call on Split-DNS Configuration for IKEv2", set due date to April 2018 from February 2017
2018-03-20 Tero Kivinen
EdDSA is in the RFC editor queue. Publication requested has been issued for Split DNS and Implicit IV should be ready for it soon. Quantum resistance is also progressing and should be getting ready soon also.

We are currently rechartering and adding new items to the charter.
2018-03-20 Tero Kivinen Changed milestone "IETF Last Call on Using EdDSA in the IKEv2", resolved as "Done"
2018-02-27 Liz Flynn sent scheduled notification for IETF-101
2017-11-15 Tero Kivinen
TCP encapsulation of IKE and IPsec packet was published as RFC. The mandatory to implement crypto algorithm drafts were also published as RFCs.

EdDSA is in the IETF LC, Split DNS and Implicit IV are now in WGLC. Quantum resistance is also progressing, and there is new interest about non-PSK based quantum resistance methods.

We are currently rechartering and adding new items to the charter.
2017-10-20 Stephanie McCammon sent scheduled notification for IETF-100
2017-07-18 Tero Kivinen
The DDoS protection draft and the Safecurves are published as RFCs. The mandatory to implement crypto algorithm drafts (rfc4307bis, rfc7321bis) have been approved by the IESG. TCP Encapsulation is in RFC editor queue. EdDSA is ready for IETF LC.

Split DNS and Implicit IV were adopted and both of them should be getting ready for WGLC. Quantum resistance is also progressing, and there is new interest about non-PSK based quantum resistance methods.
2017-06-23 Stephanie McCammon sent scheduled notification for IETF-99
2017-03-29 Amy K. Vezza Shepherding AD changed to Eric Rescorla from Kathleen Moriarty
2017-03-29 Tero Kivinen
The DDoS protection draft and the Safecurves are published as RFCs. The mandatory to implement crypto algorithm drafts (rfc4307bis, rfc7321bis) have been approved by the IESG. TCP Encapsulation is now in the IETF LC. EdDSA has done WGLC and should be ready for IETF LC soon.

Split DNS was adopted and should be getting ready for WGLC. Implicit IV is in WG adoption call. Quantum resistance is also progressing.
2017-03-28 Tero Kivinen
The DDoS protection draft and the Safecurves are published as RFCs. The mandatory to implement crypto algorithm drafts (rfc4307bis, rfc7321bis) have been approved by the IESG. TCP Encapsulation is now in the IETF LC. EdDSA has done WGLC and should be ready for IETF LC soon.

Split DNS was adopted and should be getting ready for WGLC. Implicit IV needs more reviews. Quantum resistance is also progressing.
2017-03-28 Tero Kivinen Changed milestone "IETF Last Call on TCP Encapsulation of IKE and IPsec", resolved as "Done"
2017-03-28 Tero Kivinen Changed milestone "IETF Last Call on cryptographic algorithms for ESP / AH", resolved as "Done"
2017-03-10 Tero Kivinen Changed milestone "IETF Last Call on cryptographic algorithms for IKEv2", resolved as "Done"
2017-03-10 Tero Kivinen Changed milestone "IETF Last Call on Curve25519 and Curve448 for IKEv2", resolved as "Done"
2017-03-10 Tero Kivinen Changed milestone "IETF Last Call on DDoS protection", resolved as "Done"
2017-03-03 Stephanie McCammon sent scheduled notification for IETF-98
2016-11-15 Tero Kivinen
Charter update was done.

The DDoS protection draft and the Safecurves are in AUTH48 so will be out as RFCs soon. The mandatory to implement crypto algorithm drafts (rfc4307bis, rfc7321bis) are now ready for the IETF LC, and will be submitted for publication soon.

TCP Encapsulation, Split DNS are progressing, and should be getting ready. EdDSA was waiting for curdle, but can now go forward. Implicit IV should also be getting ready.
2016-10-21 Stephanie McCammon sent scheduled notification for IETF-97
2016-09-16 Kathleen Moriarty Changed milestone "IETF Last Call on partially quantum resistant IKEv2", set state to active from review, accepting new milestone
2016-09-16 Kathleen Moriarty Changed milestone "IETF Last Call on Implicit IV in IPsec", set state to active from review, accepting new milestone
2016-09-16 Kathleen Moriarty Changed milestone "IETF Last Call on Split-DNS Configuration for IKEv2", set state to active from review, accepting new milestone
2016-09-16 Kathleen Moriarty Changed milestone "IETF Last Call on Using EdDSA in the IKEv2", set state to active from review, accepting new milestone
2016-09-16 Kathleen Moriarty Changed milestone "IETF Last Call on TCP Encapsulation of IKE and IPsec", set state to active from review, accepting new milestone
2016-09-16 Kathleen Moriarty Changed milestone "IETF Last Call on cryptographic algorithms for ESP / AH", set state to active from review, accepting new milestone
2016-09-16 Tero Kivinen Added milestone "IETF Last Call on partially quantum resistant IKEv2" for review, due June 2017
2016-09-16 Tero Kivinen Added milestone "IETF Last Call on Implicit IV in IPsec" for review, due February 2017
2016-09-16 Tero Kivinen Added milestone "IETF Last Call on Split-DNS Configuration for IKEv2" for review, due February 2017
2016-09-16 Tero Kivinen Added milestone "IETF Last Call on Using EdDSA in the IKEv2" for review, due January 2017
2016-09-16 Tero Kivinen Added milestone "IETF Last Call on TCP Encapsulation of IKE and IPsec" for review, due December 2016
2016-09-16 Tero Kivinen Added milestone "IETF Last Call on cryptographic algorithms for ESP / AH" for review, due November 2016
2016-09-16 Tero Kivinen Changed milestone "IETF Last Call on cryptographic algorithms for IKEv2", set due date to November 2016 from March 2016
2016-09-16 Tero Kivinen Changed milestone "IETF Last Call on Curve25519 and Curve448 for IKEv2", set due date to October 2016 from March 2016
2016-09-16 Tero Kivinen Changed milestone "IETF Last Call on DDoS protection", set due date to October 2016 from March 2016
2016-07-20 Tero Kivinen
The DDoS protection draft is through WGLC, and should be going forward soon. The mandatory to implement crypto algorithm drafts (rfc4307bis, rfc7321bis) got some discussion and there will be at new versions submitted before they are ready. Safecurves document is also getting ready for the WGLC, so we should have several documents going out from the WG soon.

After that we had discussion about the TCP encapsulation of the IKEv2, and then requirements for the quantum resistance in the IKEv2, both of which are new work to be chartered in the WG.

We will be updating our charter to add new items (MIT algorithm updates, new algorithms, quantum resistance, TCP encapsulation, split dns, implicit IV).
2016-06-24 Stephanie McCammon sent scheduled notification for IETF-96
2016-05-31 Kathleen Moriarty Chairs changed to D. Waltermire, Tero Kivinen from D. Waltermire, Paul Hoffman
2016-03-11 Stephanie McCammon sent scheduled notification for IETF-95
2015-12-10 Kathleen Moriarty Changed milestone "IETF Last Call on Curve25519 and Curve448 for IKEv2", set state to active from review, accepting new milestone
2015-12-10 Kathleen Moriarty Changed milestone "IETF Last Call on cryptographic algorithms for IKEv2", set state to active from review, accepting new milestone
2015-12-10 Paul E. Hoffman Added milestone "IETF Last Call on Curve25519 and Curve448 for IKEv2" for review, due March 2016
2015-12-10 Paul E. Hoffman Added milestone "IETF Last Call on cryptographic algorithms for IKEv2" for review, due March 2016
2015-12-10 Paul E. Hoffman Changed milestone "IETF Last Call on DDoS protection", set due date to March 2016 from August 2015, added draft-ietf-ipsecme-ddos-protection to milestone
2015-12-10 Paul E. Hoffman Deleted milestone "IETF Last Call on Chacha20-Poly1305"
2015-12-10 Paul E. Hoffman Deleted milestone "IETF Last Call on null authentication"
2015-09-15 David Waltermire Changed milestone "IETF Last Call on null authentication", resolved as "Done", added draft-ietf-ipsecme-ikev2-null-auth to milestone
2015-09-04 Cindy Morgan Chairs changed to David Waltermire, Paul Hoffman from Paul Hoffman, Yaron Sheffer
2015-06-26 Stephanie McCammon sent scheduled notification for IETF-93
2015-06-26 Stephanie McCammon sent scheduled notification for IETF-93
2015-06-15 Cindy Morgan Mailing list archive changed to https://mailarchive.ietf.org/arch/browse/ipsec/ from http://www.ietf.org/mail-archive/web/ipsec/
2015-03-28 Paul E. Hoffman Deleted milestone "IETF last call on new mandatory-to-implement algorithms"
2015-03-28 Paul E. Hoffman Deleted milestone "IETF last call on IKE fragmentation solution"
2015-03-28 Paul E. Hoffman Deleted milestone "IETF Last Call on large scale VPN use cases and requirements"
2015-03-28 Paul E. Hoffman Added milestone "IETF Last Call on Chacha20-Poly1305" for review, due May 2015
2015-03-28 Paul E. Hoffman Changed milestone "IETF Last Call on null authentication", set due date to April 2015 from December 2015
2015-02-27 Stephanie McCammon sent scheduled notification for IETF-92
2015-01-09 Amy K. Vezza Deleted milestone "IETF Last Call on large scale VPN protocol", not present in approved charter
2015-01-09 Amy K. Vezza Deleted milestone "IETF last call on new mandatory-to-implement algorithms", not present in approved charter
2015-01-09 Amy K. Vezza Deleted milestone "IETF last call on IKE fragmentation solution", not present in approved charter
2015-01-09 Amy K. Vezza Deleted milestone "IETF Last Call on large scale VPN use cases and requirements", not present in approved charter
2015-01-09 Amy K. Vezza Deleted milestone "WG last call on EAP-only authentication", not present in approved charter
2015-01-09 Amy K. Vezza Deleted milestone "WG last call on quick crash discovery", not present in approved charter
2015-01-09 Amy K. Vezza Deleted milestone "WG last call on HA requirements", not present in approved charter
2015-01-09 Amy K. Vezza Deleted milestone "WG last call on ESP NULL traffic visibility", not present in approved charter
2015-01-09 Amy K. Vezza Deleted milestone "WG last call on IKEv2bis", not present in approved charter
2015-01-09 Amy K. Vezza Deleted milestone "WG last call on redirect", not present in approved charter
2015-01-09 Amy K. Vezza Deleted milestone "WG last call on session resumption", not present in approved charter
2015-01-09 Amy K. Vezza Deleted milestone "WG last call on IPsec roadmap", not present in approved charter
2015-01-09 Amy K. Vezza Deleted milestone "WG last call on IPv6 configuration payloads", not present in approved charter
2015-01-09 Amy K. Vezza Added milestone "IETF Last Call on null authentication", due 2015-12-31, from approved charter
2015-01-09 Amy K. Vezza Added milestone "IETF Last Call on DDoS protection", due 2015-08-31, from approved charter
2015-01-09 Amy K. Vezza Added milestone "IETF last call on new mandatory-to-implement algorithms", due 2014-01-31, from approved charter
2015-01-09 Amy K. Vezza Added milestone "IETF last call on IKE fragmentation solution", due 2014-01-31, from approved charter
2015-01-09 Amy K. Vezza Added milestone "IETF Last Call on large scale VPN use cases and requirements", due 2014-01-31, from approved charter
2014-07-01 Stephanie McCammon sent scheduled notification for IETF-90
2014-06-23 Stephanie McCammon sent scheduled notification for IETF-90
2014-03-05 Cindy Morgan Shepherding AD changed to Kathleen Moriarty from None
2013-06-06 Cindy Morgan Changed milestone "IETF Last Call on large scale VPN protocol", set due date to June 2014 from June 2013
2013-06-06 Cindy Morgan Added milestone "IETF last call on new mandatory-to-implement algorithms", due February 2014
2013-06-06 Cindy Morgan Added milestone "IETF last call on IKE fragmentation solution", due December 2013
2013-06-06 Cindy Morgan Changed milestone "IETF Last Call on large scale VPN use cases and requirements", set due date to June 2013 from November 2012
2013-06-06 Cindy Morgan Deleted milestone "IETF LC out-of-band public key draft"
2013-06-06 Cindy Morgan Deleted milestone "IETF LC new mandatory-to-implement algorithms"
2013-06-06 Cindy Morgan Deleted milestone "IETF Last Call on IKE over TCP"
2013-06-06 Cindy Morgan Changed milestone "WG last call on EAP-only authentication", set due date to January 2011 from January 2011
2013-06-06 Cindy Morgan Changed milestone "WG last call on quick crash discovery", set due date to December 2010 from December 2010
2013-06-06 Cindy Morgan Changed milestone "WG last call on HA requirements", set due date to August 2010 from August 2010
2013-06-06 Cindy Morgan Changed milestone "WG last call on IKEv2bis", set due date to March 2009 from March 2009
2013-06-06 Cindy Morgan Changed milestone "WG last call on session resumption", set due date to January 2009 from January 2009
2013-06-06 Cindy Morgan Changed milestone "WG last call on IPsec roadmap", set due date to December 2008 from December 2008
2013-06-06 Cindy Morgan Changed milestone "WG last call on IPv6 configuration payloads", set due date to December 2008 from December 2008
2011-01-30 (System) Changed milestone "WG last call on quick crash discovery", resolved as "Done"
2010-06-16 (System) Changed milestone "WG last call on EAP-only authentication", resolved as "Done"
2010-06-16 (System) Changed milestone "WG last call on HA requirements", resolved as "Done"
2010-02-24 (System) Changed milestone "WG last call on ESP NULL traffic visibility", resolved as "Done"
2010-02-24 (System) Changed milestone "WG last call on IKEv2bis", resolved as "Done"
2010-02-24 (System) Changed milestone "WG last call on redirect", resolved as "Done"
2010-02-24 (System) Changed milestone "WG last call on session resumption", resolved as "Done"
2010-02-24 (System) Changed milestone "WG last call on IPsec roadmap", resolved as "Done"
2010-02-24 (System) Changed milestone "WG last call on IPv6 configuration payloads", resolved as "Done"
2008-07-08 (System) Started group
2008-06-09 (System) Proposed group