headers
Internet-Drafts | 10 Nov 2006 21:50
Picon
Favicon

I-D ACTION:draft-ietf-ipsp-ikeaction-mib-02.txt

A New Internet-Draft is available from the on-line Internet-Drafts 
directories.
This draft is a work item of the IP Security Policy Working Group of the IETF.

	Title		: IPsec Security Policy IKE Action MIB
	Author(s)	: W. Hardaker, et al.
	Filename	: draft-ietf-ipsp-ikeaction-mib-02.txt
	Pages		: 67
	Date		: 2006-11-10
	
This document defines a SMIv2 Management Information Base (MIB)
   module for configuring Internet Key Exchange (IKE) actions for the
   security policy database (SPD) of a device that uses the IPsec
   Security Policy Database Configuration MIB for configuring the IKE
   protocol actions on that device.  The IPsec IKE Action MIB integrates
   directly with the IPsec Security Policy Database Configuration MIB
   and it is meant to work within the framework of an action referenced
   by that MIB.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-ipsp-ikeaction-mib-02.txt

To remove yourself from the I-D Announcement list, send a message to 
i-d-announce-request <at> ietf.org with the word unsubscribe in the body of 
the message. 
You can also visit https://www1.ietf.org/mailman/listinfo/I-D-announce 
to change your subscription settings.

Internet-Drafts are also available by anonymous FTP. Login with the 
username "anonymous" and a password of your e-mail address. After
(Continue reading)

Permalink | Reply | 2 comments |
headers
Internet-Drafts | 10 Nov 2006 21:50
Picon
Favicon

I-D ACTION:draft-ietf-ipsp-ipsecaction-mib-02.txt

A New Internet-Draft is available from the on-line Internet-Drafts 
directories.
This draft is a work item of the IP Security Policy Working Group of the IETF.

	Title		: IPsec Security Policy IPsec Action MIB
	Author(s)	: W. Hardaker, et al.
	Filename	: draft-ietf-ipsp-ipsecaction-mib-02.txt
	Pages		: 46
	Date		: 2006-11-10
	
This document defines an SMIv2 Management Information Base (MIB)
   module for configuring IPsec actions for the security policy database
   (SPD) of a device that uses the IPsec Security Policy Database
   Configuration MIB for configuring the IPSec protocol actions on that
   device.  The IPsec Action MIB integrates directly with the IPsec
   Security Policy Database Configuration MIB and it is meant to work
   within the framework of an action referenced by that MIB.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-ipsp-ipsecaction-mib-02.txt

To remove yourself from the I-D Announcement list, send a message to 
i-d-announce-request <at> ietf.org with the word unsubscribe in the body of 
the message. 
You can also visit https://www1.ietf.org/mailman/listinfo/I-D-announce 
to change your subscription settings.

Internet-Drafts are also available by anonymous FTP. Login with the 
username "anonymous" and a password of your e-mail address. After 
logging in, type "cd internet-drafts" and then
(Continue reading)

Permalink | Reply | 0 comments |
headers
Internet-Drafts | 11 Apr 2006 00:50
Picon
Favicon

I-D ACTION:draft-ietf-ipsp-spd-mib-06.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the IP Security Policy Working Group of the IETF.

	Title		: IPsec Security Policy Database Configuration MIB
	Author(s)	: W. Hardaker, et al.
	Filename	: draft-ietf-ipsp-spd-mib-06.txt
	Pages		: 70
	Date		: 2006-4-10
	
This document defines an SMIv2 Management Information Base (MIB)
module for configuring the security policy database of a device
implementing the IPsec protocol.  The policy-based packet filtering
and the corresponding execution of actions described in this document
are of a more general nature than for IPsec configuration alone, such
as for configuration of a firewall.  This MIB module is designed to
be extensible with other enterprise or standards based defined packet
filters and actions.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-ipsp-spd-mib-06.txt

To remove yourself from the I-D Announcement list, send a message to 
i-d-announce-request <at> ietf.org with the word unsubscribe in the body of the message.  
You can also visit https://www1.ietf.org/mailman/listinfo/I-D-announce 
to change your subscription settings.

Internet-Drafts are also available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
	"get draft-ietf-ipsp-spd-mib-06.txt".
(Continue reading)

Permalink | Reply | 0 comments |
headers
The IESG | 6 Apr 2006 17:17
Picon
Favicon

Last Call: 'IPsec Security Policy Database Configuration MIB' to Proposed Standard

The IESG has received a request from the IP Security Policy WG to consider the following document:

- 'IPsec Security Policy Database Configuration MIB '
   <draft-ietf-ipsp-spd-mib-05.txt> as a Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action.  Please send any comments to the
iesg <at> ietf.org or ietf <at> ietf.org mailing lists by 2006-04-20.

The file can be obtained via
http://www.ietf.org/internet-drafts/draft-ietf-ipsp-spd-mib-05.txt

_______________________________________________
IETF-Announce mailing list
IETF-Announce <at> ietf.org
https://www1.ietf.org/mailman/listinfo/ietf-announce
Permalink | Reply | 0 comments |
headers
Internet-Drafts | 3 Mar 2006 21:50
Picon
Favicon

I-D ACTION:draft-ietf-ipsp-spd-mib-05.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the IP Security Policy Working Group of the IETF.

	Title		: IPsec Security Policy Database Configuration MIB
	Author(s)	: W. Hardaker, et al.
	Filename	: draft-ietf-ipsp-spd-mib-05.txt
	Pages		: 70
	Date		: 2006-3-3
	
This document defines an SMIv2 Management Information Base (MIB)
module for configuring the security policy database of a device
implementing the IPsec protocol.  The policy-based packet filtering
and the corresponding execution of actions described in this document
are of a more general nature than for IPsec configuration alone, such
as for configuration of a firewall.  This MIB module is designed to
be extensible with other enterprise or standards based defined packet
filters and actions.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-ipsp-spd-mib-05.txt

To remove yourself from the I-D Announcement list, send a message to 
i-d-announce-request <at> ietf.org with the word unsubscribe in the body of the message.  
You can also visit https://www1.ietf.org/mailman/listinfo/I-D-announce 
to change your subscription settings.

Internet-Drafts are also available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
	"get draft-ietf-ipsp-spd-mib-05.txt".
(Continue reading)

Permalink | Reply | 0 comments |
headers
Internet-Drafts | 31 Jan 2006 16:50
Picon
Favicon

I-D ACTION:draft-ietf-ipsp-spd-mib-04.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the IP Security Policy Working Group of the IETF.

	Title		: IPsec Security Policy Database Configuration MIB
	Author(s)	: W. Hardaker, et al.
	Filename	: draft-ietf-ipsp-spd-mib-04.txt
	Pages		: 69
	Date		: 2006-1-31
	
This document defines an SMIv2 Management Information Base (MIB)
   module for configuring the security policy database of a device
   implementing the IPsec protocol.  The policy-based packet filtering
   and the corresponding execution of actions described in this document
   are of a more general nature than for IPsec configuration alone, such
   as for configuration of a firewall.  This MIB module is designed to
   be extensible with other enterprise or standards based defined packet
   filters and actions.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-ipsp-spd-mib-04.txt

To remove yourself from the I-D Announcement list, send a message to 
i-d-announce-request <at> ietf.org with the word unsubscribe in the body of the message.  
You can also visit https://www1.ietf.org/mailman/listinfo/I-D-announce 
to change your subscription settings.

Internet-Drafts are also available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
	"get draft-ietf-ipsp-spd-mib-04.txt".
(Continue reading)

Permalink | Reply | 0 comments |
headers
Internet-Drafts | 21 Oct 2005 16:50
Picon
Favicon

I-D ACTION:draft-ietf-ipsp-spd-mib-03.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the IP Security Policy Working Group of the IETF.

	Title		: IPsec Security Policy Database Configuration MIB
	Author(s)	: W. Hardaker, et al.
	Filename	: draft-ietf-ipsp-spd-mib-03.txt
	Pages		: 69
	Date		: 2005-10-21
	
This document defines an SMIv2 Management Information Base (MIB)
   module for configuring the security policy database of a device
   implementing the IPsec protocol.  The policy-based packet filtering
   and the corresponding execution of actions described in this document
   are of a more general nature than for IPsec configuration alone, such
   as for configuration of a firewall.  This MIB module is designed to
   be extensible with other enterprise or standards based defined packet
   filters and actions.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-ipsp-spd-mib-03.txt

To remove yourself from the I-D Announcement list, send a message to 
i-d-announce-request <at> ietf.org with the word unsubscribe in the body of the message.  
You can also visit https://www1.ietf.org/mailman/listinfo/I-D-announce 
to change your subscription settings.

Internet-Drafts are also available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
	"get draft-ietf-ipsp-spd-mib-03.txt".
(Continue reading)

Permalink | Reply | 0 comments |
headers
The IESG | 21 Mar 2005 20:28
Picon
Favicon

WG Action: Conclusion of IP Security Policy (ipsp)

The IP Security Policy (ipsp) WG in the Security Area has concluded.

The IESG contact persons are Russell Housley and Sam Hartman.

The mailing list will remain active.

The MIB and PIB work that was begun in this working group may
continue, resulting in individual submissions.

_______________________________________________
IETF-Announce mailing list
IETF-Announce <at> ietf.org
https://www1.ietf.org/mailman/listinfo/ietf-announce
Permalink | Reply | 0 comments |
headers
The IESG | 16 Mar 2005 21:57
Picon
Favicon

WG Action: Conclusion of IP Security Policy (ipsp)


The IP Security Policy (ipsp) WG in the Security Area has concluded.

The IESG contact persons are Russell Housley and Sam Hartman.

The mailing list will remain active.
Permalink | Reply | 3 comments |
headers
Maxim Frolov | 7 Mar 2005 17:44
Picon
Favicon

IPsec SA mode per transform in IPSEC-IKEACTION-MIB


Hello,

How can I define an IPsec action which points to IPsec proposals with 
different modes (tunnel or transport) for IPsec SA to be negotiated?

For example, consider the following proposal list:
"((ESP-3DES-tunnel OR ESP-DES-tunnel) AND (AH-SHA1-transport)) OR 
(ESP-3DES-tunnel OR ESP-3DES-transport)":

Proposal1 (ESP):
	Transform1 (3DES, tunnel)
	Transform2 (DES, tunnel)
Proposal1 (AH):
	Transform1 (SHA1, transport)
Proposal2 (ESP)
	Transform1 (3DES, tunnel)
	Transform2 (3DES, transport)

Are these proposals expressable by IPSEC-IKEACTION-MIB?

The only element which defines SA mode (tunnel, transport) is  
ipiaIpsecActMode in ipiaIpsecActionEntry. 

There is no property "mode" per transform or per proposal in 
IPSEC-IKEACTION-MIB.

Is the ipiaIpsecActionEntry designed to be compliant with IKEv2 where SA mode 
is per SA payload (per IPsec action)?
(Continue reading)

Permalink | Reply | 0 comments |
headers
Maxim Frolov | 4 Mar 2005 11:00
Picon
Favicon

Understanding of ipsp-xxx-mib's


Hallo,

I'm evaluating IPSec SPD, IPsec action and IKE action MIBs to employ 
them as an appropriate (implementation independent) IPsec policy 
language / format for IPsec capable security devices developed by our company.

I have some questions about these MIB's.

Q1. Understanding question
	After reading RFC3585, RFC3586, ipsp-ipsecpib, ipsp-spd-mib, 
	ipsp-ipsecaction-mib and ipsp-ikeaction-mib I can do the following
	statements:
	1. RFC3585 is an informational model that decsribes how an 
		IPSec SPD is to be logically constructed. This is a 
		hint for concrete implementations of IPSec SPD formats/languages.
	2. The ipsp WG has proposed two implementations of IPSec SPD based on RFC3585:
		a) ipsp-ipsecpib
		b) ipsp-spd-mib, ipsp-ipsecaction-mib and ipsp-ikeaction-mib

        Are these statements rougly true?

Q2. About ipsp-ikeaction-mib objects:
	How references a IpiaIkeActionEntry a IpiaIkeActionProposalsEntry?
	
	How references a IpiaIkeActionProposalsEntry one or more contained 
	IpiaIkeProposalEntry's?
	
	I found references to ipiaAhTransformTable, ipiaEspTransformTable and 
	ipiaIpcompTransformTable but no definitions of them. Are they from and shared
(Continue reading)

Permalink | Reply | 2 comments |

Gmane