There has been some need for tools making debugging IPsec configurations easier, and the working group will work on documents to help that. One such protocol could be esp-ping.
I would like to add something around: Other protocols aim at handling fragmentation as well as the management of DSCP. draft-liu-ipsecme-ikev2-mtu-dect <https://datatracker.ietf.org/doc/draft-liu-ipsecme-ikev2-mtu-dect/> and draft-mglt-ipsecme-dscp-np <https://datatracker.ietf.org/doc/draft-mglt-ipsecme-dscp-np/> are expected to be considered as starting points. Yours, Daniel On Sat, Nov 16, 2024 at 7:52 AM Tero Kivinen <kivi...@iki.fi> wrote: > We have now only one item left in our charter (diet-esp and > diet-esp-extension), so it is now time to define new items for the > charter. > > Here is my first proposal. I added the items I have heard people have > said they want to work on (and where we already have some drafts out). > If there is any other items to be added, send email to the list with > new subject and provide text to be added, and I want people who > support those additions to reply to that thread. > > If you think this charter text would be fine, reply to this email, and > if you think something should be removed say that also in your reply. > > I hope we can finish this discussion before the end of month, i.e., in > two weeks. > > ---------------------------------------------------------------------- > The IPsec suite of protocols includes IKEv1 (RFC 2409 and associated > RFCs, IKEv1 is now obsoleted), IKEv2 (RFC 7296), the IPsec security > architecture (RFC 4301), AH (RFC 4302), and ESP (RFC 4303). IPsec is > widely deployed in VPN gateways, VPN remote access clients, and as a > substrate for host-to-host, host-to-network, and network-to-network > security. > > The IPsec Maintenance and Extensions Working Group continues the work > of the earlier IPsec Working Group which was concluded in 2005. Its > purpose is to maintain the IPsec standard and to facilitate discussion > of clarifications, improvements, and extensions to IPsec, mostly to > ESP and IKEv2. The working group also serves as a focus point for > other IETF Working Groups who use IPsec in their own protocols. > > The current work items include: > > Postquantum Cryptography brings new authentication methods. The > working group will develop a solution, that allows adding Postquantum > authentication methods. The solution will allow post quantum > authentication methods to be performed in parallel with (or instead > of) the existing authentication methods. > > The cryptographic algorithm implementation requirements and usage > guidance documents for IKEv2, ESP and AH was last time updated in > 2017. The working group will work on the updating these documents. > This may also include defining how to use additional algorithms for > IPsec in separate documents (for example sha3, and including post > quantum algorithms). > > There has been some need for tools making debugging IPsec > configurations easier, and the working group will work on documents to > help that. One such protocol could be esp-ping. > > The ESPv3 protocol was defined in 2005 and there has been seen that > there might be some need to make enhancements to it. The working group > will analyze the possible problems and work on solving them. This may > include updating ESP, AH, and/or WESP standards. > -- > kivi...@iki.fi > > _______________________________________________ > IPsec mailing list -- ipsec@ietf.org > To unsubscribe send an email to ipsec-le...@ietf.org > -- Daniel Migault Ericsson
_______________________________________________ IPsec mailing list -- ipsec@ietf.org To unsubscribe send an email to ipsec-le...@ietf.org
