xrtftr~1.htm

Current Meeting Report
Slides
Attendees List

IP Security Protocol (ipsec)

NOTE: This charter is a snapshot of that in effect at the time of the 38th IETF Meeting in Memphis, Tennessee. It may now be out-of-date.

Chair(s):

Ran Atkinson <rja@inet.org>
Paul Lambert <palamber@us.oracle.com>

Security Area Director(s):

Jeffrey Schiller <jis@mit.edu>

Mailing Lists:

General Discussion:ipsec@tis.com
To Subscribe: ipsec-request@tis.com
Archive: ftp://ftp.tis.com/pub/lists/ipsec

Description of Working Group:

Rapid advances in communication technology have accentuated the need for security in the Internet. The IP Security Protocol Working Group (IPSEC) will develop mechanisms to protect client protocols of IP. A security protocol in the network layer will be developed to provide cryptographic security services that will flexibly support combinations of authentication, integrity, access control, and confidentiality.

The protocol formats for the IP Authentication Header (AH) and IP Encapsulating Security Payload (ESP) will be independent of the cryptographic algorithm. The preliminary goals will specifically pursue host-to-host security followed by subnet-to-subnet and host-to-subnet topologies.

Protocol and cryptographic techniques will also be developed to support the key management requirements of the network layer security. The Internet Key Management Protocol (IKMP) will be specified as an application layer protocol that is independent of the lower layer security protocol. The protocol will be based on the ISAKMP/Oakley work begun in:

draft-ietf-ipsec-isakmp-05.txt, 
draft-ietf-ipsec-oakley-01.txt, and 
draft-ietf-ipsec-isakmp-oakley-00.txt

A follow on work item may incorporate mechanisms based on SKIP as defined in:

draft-ietf-ipsec-skip-07.txt

and related documents. Flexibility in the protocol will allow eventual support of Key Distribution Centers (KDC), such as are used by Kerberos.

Goals and Milestones:

Done

Submit Internet-Draft of Internet Key Management Protocol to the IESG for consideration as a Proposed Standard.

Done

Post as an Internet-Draft the IP Security Protocol.

Done

Post as an Internet-Draft the specification for Internet key management.

Done

Submit the Internet Key Management Protocol to the IESG for consideration as a Proposed Standard.

Done

Conduct initial interoperability testing of Encapsulating Security payload (ESP) and Authentication Header (AH).

Done

Submit revised Internet-Drafts for ESP, AH, and IP Security Architecture.

Done

Submit revised Internet-Drafts of IP Security Architecture, ESP, and AH to the IESG for consideration as Draft Standards.

Dec 96

Submit revised Internet-Drafts of IP Security Architecture, ESP, and AH to the IESG for consideration as Draft Standards.

Done

Submit Internet-Draft of the Internet Key Management Protocol (IKMP) based on ISAKMP/Oakley to the IESG for consideration as a Proposed Standard.

Jul 97

Submit IKMP to IESG for consideration as a Draft Standard.

Internet-Drafts:

· Internet Security Association and Key Management Protocol (ISAKMP)

· Simple Key-Management For Internet Protocols (SKIP)

· X.509 Encoding of Diffie-Hellman Public Values

· SKIP Algorithm Discovery Protocol

· SKIP Extensions for IP Multicast

· SKIP extension for Perfect Forward Secrecy (PFS)

· Combined DES-CBC, HMAC and Replay Prevention Security Transform

· HMAC-SHA IP Authentication with Replay Prevention

· Security Architecture for the Internet Protocol

· The resolution of ISAKMP with Oakley

· Combined 3DES-CBC, HMAC and Replay Prevention Security Transform

· The Internet IP Security Domain of Interpretation for ISAKMP

· Inline Keying within the ISAKMP Framework.

· Implementation of Virtual Private Network (VPNs) with IP Security

· HMAC-SHA-1-96 IP Authentication with Replay Prevention

· HMAC-MD5-96 IP Authentication with Replay Prevention

· IP Encapsulating Security Payload (ESP)

· IP Authentication Header

Request For Comments:

RFC

Status

Title

RFC1825

PS

Security Architecture for the Internet Protocol

RFC1827

PS

IP Encapsulating Security Payload (ESP)

RFC1826

PS

IP Authentication Header

RFC1828

PS

IP Authentication using Keyed MD5

RFC1829

PS

The ESP DES-CBC Transform

RFC2085

PS

HMAC-MD5 IP Authentication with Replay Prevention

RFC2104

I

HMAC: Keyed-Hashing for Message Authentication

Current Meeting Report

None Received

Slides

None Received

Done		Submit Internet-Draft of Internet Key Management Protocol to the IESG for consideration as a Proposed Standard.
Done		Post as an Internet-Draft the IP Security Protocol.
Done		Post as an Internet-Draft the specification for Internet key management.
Done		Submit the Internet Key Management Protocol to the IESG for consideration as a Proposed Standard.
Done		Conduct initial interoperability testing of Encapsulating Security payload (ESP) and Authentication Header (AH).
Done		Submit revised Internet-Drafts for ESP, AH, and IP Security Architecture.
Done		Submit revised Internet-Drafts of IP Security Architecture, ESP, and AH to the IESG for consideration as Draft Standards.
Dec 96		Submit revised Internet-Drafts of IP Security Architecture, ESP, and AH to the IESG for consideration as Draft Standards.
Done		Submit Internet-Draft of the Internet Key Management Protocol (IKMP) based on ISAKMP/Oakley to the IESG for consideration as a Proposed Standard.
Jul 97		Submit IKMP to IESG for consideration as a Draft Standard.

RFC	Status	Title

RFC1825	PS	Security Architecture for the Internet Protocol
RFC1827	PS	IP Encapsulating Security Payload (ESP)
RFC1826	PS	IP Authentication Header
RFC1828	PS	IP Authentication using Keyed MD5
RFC1829	PS	The ESP DES-CBC Transform
RFC2085	PS	HMAC-MD5 IP Authentication with Replay Prevention
RFC2104	I	HMAC: Keyed-Hashing for Message Authentication

IP Security Protocol (ipsec)

Current Meeting Report

Slides

Attendees List