Luis A. Sanchez | 6 Nov 04:52 2003

Agenda Items


Folks, Hilarie and I are working on the IPSP agenda; please forward your 
requests to the mailing list. Thanks!

-luis

Agenda Bashing
WG and Document Status H. Orman
MIB Document  W. Hardaker
PIB Document  M. Li
IPsec API work W. Sommerfeld
pf_policy  ?
Summary

Wes Hardaker | 10 Nov 23:26 2003

Splitting the IPSEC-POLICY-MIB into 3 parts.


The MIB for this WG was completed a year ago, and got reviewed by one
AD and the comments were incorporated.  But it has not been reviewed
by one of the security area ADs, and there it sat for a long time.
Part of the problem is that the size of the document was, um, large
due to the number of configuration options that IKE and IPsec require.

In the meantime, two other working groups have wanted to make use of
the security-policy/filtering mechanisms defined by the first half of
the MIB (the smallest and easiest to understand portion of the MIB).
However, these WGs were unwilling to use it unless it became a
separate document (i.e., the conformance statements at the bottom of the
MIB were not understood since they specifically documented that
implementation of the IPsec portions weren't necessary to claim
conformance with the firewall/filtering quarter of the MIB).

Anyway....  In an effort to resolve these problems, the authors would
like to split the document into 3 parts.  1 part for SPD
configuration, 1 part for IPsec parameters and static SAs, and 1 part
for IKE.

The final reasoning for doing this should be obvious: it will be easy
to drop/historic the IKE portion when IKEv2 takes off.

If there are no objections to this, we'll do this and republish within
a few weeks.

Argument Summary:
+ more readable
+ more reusable

Wijnen, Bert (Bert) | 11 Nov 03:22 2003

RE: Splitting the IPSEC-POLICY-MIB into 3 parts.


Makes sense to me

Bert 

> -----Original Message-----
> From: Wes Hardaker [mailto:hardaker <at> tislabs.com]
> Sent: maandag 10 november 2003 23:27
> To: ipsec-policy <at> vpnc.org
> Subject: Splitting the IPSEC-POLICY-MIB into 3 parts.
> 
> 
> 
> 
> The MIB for this WG was completed a year ago, and got reviewed by one
> AD and the comments were incorporated.  But it has not been reviewed
> by one of the security area ADs, and there it sat for a long time.
> Part of the problem is that the size of the document was, um, large
> due to the number of configuration options that IKE and IPsec require.
> 
> In the meantime, two other working groups have wanted to make use of
> the security-policy/filtering mechanisms defined by the first half of
> the MIB (the smallest and easiest to understand portion of the MIB).
> However, these WGs were unwilling to use it unless it became a
> separate document (i.e., the conformance statements at the bottom of the
> MIB were not understood since they specifically documented that
> implementation of the IPsec portions weren't necessary to claim
> conformance with the firewall/filtering quarter of the MIB).
> 
> Anyway....  In an effort to resolve these problems, the authors would

Luis A. Sanchez | 11 Nov 16:33 2003

Re: Splitting the IPSEC-POLICY-MIB into 3 parts.


No one present at the WG meeting last night opposed the idea of 
splitting the original IPsec Configuration MIB document into three 
smaller documents. If anyone on the mailing list has a reason for not 
doing this, please send email to the mailing list.

-luis

Internet-Drafts | 19 Nov 21:27 2003

I-D ACTION:draft-ietf-ipsp-ipsecpib-09.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the IP Security Policy Working Group of the IETF.

	Title		: IPSec Policy Information Base
	Author(s)	: M. Li, D. Arneson, A. Doria, J. Jason, C. Wang, M. Stenberg
	Filename	: draft-ietf-ipsp-ipsecpib-09.txt
	Pages		: 97
	Date		: 2003-11-19
	
This document describes a portion of the Policy Information Base 
(PIB) for a device implementing the IP Security Architecture.  The 
provisioning classes defined here provide control of IPsec policy. 
These provisioning classes can be used with other non-IPsec 
provisioning classes (defined in other PIB modules) to provide for a 
comprehensive policy controlled mapping of service requirement to 
device capability and usage.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-ipsp-ipsecpib-09.txt

To remove yourself from the IETF Announcement list, send a message to 
ietf-announce-request with the word unsubscribe in the body of the message.

Internet-Drafts are also available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
	"get draft-ietf-ipsp-ipsecpib-09.txt".

A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html 

Nicolas Williams | 20 Nov 00:01 2003

Channel Bindings presentation from IETF 58 SAAG meeting

Attached.

I've added notes to some of the slides and one slide that should have
been there ("Goals").  No slides have been modified.

The most consistent feedback I have received since I made the
presentation is that it was much too long, for which I apologize.

I have also received positive feedback on the concept of IPsec channels,
which is encouraging.

Cheers,

Nico
-- 
Attachment (cbindings.pdf): application/pdf, 78 KiB
Man.M.Li | 21 Nov 16:24 2003

RE: MIB/PIB doctor review for draft-ietf-ipsp-ipsecpib-09.txt - part 1


Hi Bert,

Thanks for your comments on the IPsec PIB draft v9. Modifications have been made to address your comments
1-7 and they are described below. Please also take a look at my reply to your comment #8: since any change
will create a discrepancy with RFC 3585, I suggest leaving it as is unless you do not agree.

Please let me know if any of the modifications described are still not satisfactory. I look forward to
hearing more comments from you on the rest of the draft. At which point, we'll submit a new version. Thanks.

Best regards
Man

> -----Original Message-----
> From: ext Wijnen, Bert (Bert) [mailto:bwijnen <at> lucent.com]
> Sent: November 19, 2003 12:08 PM
> To: Li Man.M (NRC/Boston); 'ho <at> alum.mit.edu'; 'avri <at> apocalypse.org';
> 'lsanchez <at> xapiens.com'
> Cc: Steve Bellovin (E-mail); Wijnen, Bert (Bert)
> Subject: MIB/PIB doctor review for draft-ietf-ipsp-ipsecpib-09.txt -
> part 1
> 
> 
> Based on the revision 9 that I received privately:
> 
> 1. I see:
>    ipSecRuleIfName OBJECT-TYPE
>      SYNTAX SnmpAdminString
>      STATUS current
>      DESCRIPTION

Madhur Kohli | 24 Nov 05:15 2003

Policy 2004: Call for Papers


This CFP is posted here, with permission of the WG chairs, to solicit 
participation from members of this community.

-- 
Policy 2004: 5th IEEE International Workshop on Policies
            for Distributed Systems and Networks

7-9 June 2004

IBM T.J. Watson Research Centre, Yorktown Heights, New York.

http://www.policy-workshop.org/2004/

The policy workshop aims to bring together researchers and practitioners
working on policy-based systems across a wide range of application areas
including policy-based networking, security management, storage area
networking, and enterprise systems. Policy 2004 is the 5th in a series of
successful workshops which since 1999 have provided a forum for discussion
and collaboration between researchers, developers and users of policy-based
systems. This year, in addition to the latest research results from the
communities working in the areas mentioned above, we encourage contributions
on policy-based techniques in support of: autonomic computing, ubiquitous
systems and business rules.

Policy 2004 invites contributions in the form of either:
- Technical papers (max. length 10 pages).
- Short position papers describing preliminary experimental results,
  experiences with deployed policy systems, and new applications and

