Hi,

the new version addresses comments from AD review and also contains some clean-ups:

- as suggested by AD and WG members, AH + ESP is now "MUST NOT"
- the negotiation of Key Wrap Algorithm is done via IKEv2 transforms (instead of transform attributes) - this is to follow the protocol model when all enumerated via IANA registries parameters are negotiated via transforms
- initial filling for Key Wrap Algorithm registry is fixed to take into consideration several possible key sizes for AES
- few clarifications of using key wrapping are added
- "group-wise policy" is changed to "group-wide policy"
- contributors' and authors' addresses are cleaned up
- found typos and grammar issues are fixed

Regards,
Valery & Brian.

> Internet-Draft draft-ietf-ipsecme-g-ikev2-17.txt is now available. It is a
> work item of the IP Security Maintenance and Extensions (IPSECME) WG of the
> IETF.
>
>    Title:   Group Key Management using IKEv2
>    Authors: Valery Smyslov
>             Brian Weis
>    Name:    draft-ietf-ipsecme-g-ikev2-17.txt
>    Pages:   72
>    Dates:   2024-11-19
>
> Abstract:
>
>    This document presents an extension to the Internet Key Exchange
>    version 2 (IKEv2) protocol for the purpose of a group key management.
>    The protocol is in conformance with the Multicast Security (MSEC) key
>    management architecture, which contains two components: member
>    registration and group rekeying. Both components are required for a
>    GCKS (Group Controller/Key Server) to provide authorized Group
>    Members (GMs) with IPsec group security associations. The group
>    members then exchange IP multicast or other group traffic as IPsec
>    packets.
>
>    This document obsoletes RFC 6407. This document also updates RFC
>    7296 by renaming a transform type 5 from "Extended Sequence Numbers
>    (ESN)" to the "Anti-Replay Protection (ARP)" and by renaming IKEv2
>    authentication method 0 from "Reserved" to "NONE".
>
> The IETF datatracker status page for this Internet-Draft is:
> https://datatracker.ietf.org/doc/draft-ietf-ipsecme-g-ikev2/
>
> There is also an HTMLized version available at:
> https://datatracker.ietf.org/doc/html/draft-ietf-ipsecme-g-ikev2-17
>
> A diff from the previous version is available at:
> https://author-tools.ietf.org/iddiff?url2=draft-ietf-ipsecme-g-ikev2-17
>
> Internet-Drafts are also available by rsync at:
> rsync.ietf.org::internet-drafts
>
> _______________________________________________
> IPsec mailing list -- ipsec@ietf.org
> To unsubscribe send an email to ipsec-le...@ietf.org