Hi Tero, thank you for the initial proposal for the charter. It looks good.
That said, I think that not all current charter items are fulfilled. While we define how to use PQ KEMs in IKEv2, the issues with large keys (beyond 64 Kbytes) are not addressed. As far as I know, some EU security authorities (and not only in EU) prefer using conservative algorithms, like Classic McEliece. If we want to ever support them, then at least two issues should be addressed:

1. Limited IKEv2 payload size (can be addressed with draft-nir-ipsecme-big-payload)
2. Transport issues with transferring large keys maintaining ESP performance (can be addressed with draft-smyslov-ipsecme-ikev2-reliable-transport)

Regards,
Valery.

> We have now only one item left in our charter (diet-esp and diet-esp-extension), so it is now time to define new items for the charter.
>
> Here is my first proposal. I added the items I have heard people have said they want to work on (and where we already have some drafts out). If there are any other items to be added, send email to the list with new subject and provide text to be added, and I want people who support those additions to reply to that thread.
>
> If you think this charter text would be fine, reply to this email, and if you think something should be removed say that also in your reply.
>
> I hope we can finish this discussion before the end of month, i.e., in two weeks.
>
> ----------------------------------------------------------------------
> The IPsec suite of protocols includes IKEv1 (RFC 2409 and associated RFCs, IKEv1 is now obsoleted), IKEv2 (RFC 7296), the IPsec security architecture (RFC 4301), AH (RFC 4302), and ESP (RFC 4303). IPsec is widely deployed in VPN gateways, VPN remote access clients, and as a substrate for host-to-host, host-to-network, and network-to-network security.
>
> The IPsec Maintenance and Extensions Working Group continues the work of the earlier IPsec Working Group which was concluded in 2005. Its purpose is to maintain the IPsec standard and to facilitate discussion of clarifications, improvements, and extensions to IPsec, mostly to ESP and IKEv2. The working group also serves as a focus point for other IETF Working Groups who use IPsec in their own protocols.
>
> The current work items include:
>
> Postquantum Cryptography brings new authentication methods. The working group will develop a solution that allows adding Postquantum authentication methods. The solution will allow post quantum authentication methods to be performed in parallel with (or instead of) the existing authentication methods.
>
> The cryptographic algorithm implementation requirements and usage guidance documents for IKEv2, ESP and AH were last updated in 2017. The working group will work on updating these documents. This may also include defining how to use additional algorithms for IPsec in separate documents (for example sha3, and including post quantum algorithms).
>
> There has been some need for tools making debugging IPsec configurations easier, and the working group will work on documents to help that. One such protocol could be esp-ping.
>
> The ESPv3 protocol was defined in 2005 and it has been seen that there might be some need to make enhancements to it. The working group will analyze the possible problems and work on solving them. This may include updating ESP, AH, and/or WESP standards.
> --
> kivi...@iki.fi
>
> _______________________________________________
> IPsec mailing list -- ipsec@ietf.org
> To unsubscribe send an email to ipsec-le...@ietf.org