IP Security Protocol (ipsec)

NOTE: This charter is a snapshot of that in effect at the time of the 38th IETF Meeting in Memphis, Tennessee. It may now be out-of-date.

Chair(s): 

Ran Atkinson <rja@inet.org>
Paul Lambert <palamber@us.oracle.com>

Security Area Director(s): 

Jeffrey Schiller <jis@mit.edu>

Mailing Lists: 

General Discussion: ipsec@tis.com
To Subscribe: ipsec-request@tis.com
Archive: ftp://ftp.tis.com/pub/lists/ipsec

Description of Working Group: 

Rapid advances in communication technology have accentuated the need for security in the Internet. The IP Security Protocol Working Group (IPSEC) will develop mechanisms to protect client protocols of IP. A security protocol in the network layer will be developed to provide cryptographic security services that will flexibly support combinations of authentication, integrity, access control, and confidentiality. 

The protocol formats for the IP Authentication Header (AH) and IP Encapsulating Security Payload (ESP) will be independent of the cryptographic algorithm. The preliminary goals will specifically pursue host-to-host security followed by subnet-to-subnet and host-to-subnet topologies. 

Protocol and cryptographic techniques will also be developed to support the key management requirements of the network layer security. The Internet Key Management Protocol (IKMP) will be specified as an application layer protocol that is independent of the lower layer security protocol. The protocol will be based on the ISAKMP/Oakley work begun in:

draft-ietf-ipsec-isakmp-05.txt, 
draft-ietf-ipsec-oakley-01.txt, and 
draft-ietf-ipsec-isakmp-oakley-00.txt

A follow-on work item may incorporate mechanisms based on SKIP as defined in: 

draft-ietf-ipsec-skip-07.txt 

and related documents. Flexibility in the protocol will allow eventual support of Key Distribution Centers (KDC), such as are used by Kerberos.

Goals and Milestones:

Done    Submit Internet-Draft of Internet Key Management Protocol to the IESG for consideration as a Proposed Standard.

Done    Post as an Internet-Draft the IP Security Protocol.

Done    Post as an Internet-Draft the specification for Internet key management.

Done    Submit the Internet Key Management Protocol to the IESG for consideration as a Proposed Standard.

Done    Conduct initial interoperability testing of Encapsulating Security Payload (ESP) and Authentication Header (AH).

Done    Submit revised Internet-Drafts for ESP, AH, and IP Security Architecture.

Done    Submit revised Internet-Drafts of IP Security Architecture, ESP, and AH to the IESG for consideration as Draft Standards.

Dec 96  Submit revised Internet-Drafts of IP Security Architecture, ESP, and AH to the IESG for consideration as Draft Standards.

Done    Submit Internet-Draft of the Internet Key Management Protocol (IKMP) based on ISAKMP/Oakley to the IESG for consideration as a Proposed Standard.

Jul 97  Submit IKMP to IESG for consideration as a Draft Standard.

Internet-Drafts: 

· Internet Security Association and Key Management Protocol (ISAKMP) 

· Simple Key-Management For Internet Protocols (SKIP) 

· X.509 Encoding of Diffie-Hellman Public Values 

· SKIP Algorithm Discovery Protocol 

· SKIP Extensions for IP Multicast 

· SKIP extension for Perfect Forward Secrecy (PFS) 

· Combined DES-CBC, HMAC and Replay Prevention Security Transform 

· HMAC-SHA IP Authentication with Replay Prevention 

· Security Architecture for the Internet Protocol 

· The resolution of ISAKMP with Oakley 

· Combined 3DES-CBC, HMAC and Replay Prevention Security Transform 

· The Internet IP Security Domain of Interpretation for ISAKMP 

· Inline Keying within the ISAKMP Framework. 

· Implementation of Virtual Private Network (VPNs) with IP Security 

· HMAC-SHA-1-96 IP Authentication with Replay Prevention 

· HMAC-MD5-96 IP Authentication with Replay Prevention 

· IP Encapsulating Security Payload (ESP) 

· IP Authentication Header

Request For Comments:

RFC       Status  Title
RFC1825   PS      Security Architecture for the Internet Protocol
RFC1827   PS      IP Encapsulating Security Payload (ESP)
RFC1826   PS      IP Authentication Header
RFC1828   PS      IP Authentication using Keyed MD5
RFC1829   PS      The ESP DES-CBC Transform
RFC2085   PS      HMAC-MD5 IP Authentication with Replay Prevention
RFC2104           HMAC: Keyed-Hashing for Message Authentication

Current Meeting Report

None Received 

Slides

None Received 
