Folks, Hilarie and I are working on the IPSP agenda, please forward your requests to the mailing list. thanks! -luis Agenda Bashing WG and Document Status H. Orman MIB Document W. Hardaker PIB Document M. Li IPsec API work W. Sommerfeld pf_policy ? Summary
The MIB for this WG was completed a year ago, and got reviewed by one AD and the comments were Incorporated. But it has not been reviewed by one of the security area ADs, and there it sat for a long time. Part of the problem is that the size of the document was, um, large due to the number of configuration options that IKE and IPsec require. In the mean time, two other working groups have wanted to make use of the security-policy/filtering mechanisms defined by the first half of the MIB (the smallest and easiest to understand portion of the MIB). However, these WGs were unwilling to use it unless it became a separate document (IE, the conformance statements at the bottom of the MIB were not understood since they specifically documented that implementation of the IPsec portions weren't necessary to claim conformance with the firewall/filtering quarter of the MIB). Anyway.... In an effort to resolve these problems, the authors would like to split the document into 3 parts. 1 part for SPD configuration, 1 part for IPsec parameters and static SAs, and 1 part for IKE. The final reasoning for doing this should be obvious: it will be easy to drop/historic the IKE portion when IKEv2 takes off. If there are no objections to this, we'll do this and republish within a few weeks. Argument Summary: + more readable + more reusable(Continue reading)
Makes sense to me Bert > -----Original Message----- > From: Wes Hardaker [mailto:hardaker <at> tislabs.com] > Sent: maandag 10 november 2003 23:27 > To: ipsec-policy <at> vpnc.org > Subject: Splitting the IPSEC-POLICY-MIB into 3 parts. > > > > > The MIB for this WG was completed a year ago, and got reviewed by one > AD and the comments were Incorporated. But it has not been reviewed > by one of the security area ADs, and there it sat for a long time. > Part of the problem is that the size of the document was, um, large > due to the number of configuration options that IKE and IPsec require. > > In the mean time, two other working groups have wanted to make use of > the security-policy/filtering mechanisms defined by the first half of > the MIB (the smallest and easiest to understand portion of the MIB). > However, these WGs were unwilling to use it unless it became a > separate document (IE, the conformance statements at the bottom of the > MIB were not understood since they specifically documented that > implementation of the IPsec portions weren't necessary to claim > conformance with the firewall/filtering quarter of the MIB). > > Anyway.... In an effort to resolve these problems, the authors would(Continue reading)
No one present at the WG meeting last night opposed to the idea of splitting the original IPsec Configuration MIB document into three smaller documents. If anyone on the mailing list has a reason for not doing this please send email to the mailing list. -luis
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the IP Security Policy Working Group of the IETF. Title : IPSec Policy Information Base Author(s) : M. Li, D. Arneson, A. Doria, J. Jason, C. Wang, M. Stenberg Filename : draft-ietf-ipsp-ipsecpib-09.txt Pages : 97 Date : 2003-11-19 This document describes a portion of the Policy Information Base (PIB) for a device implementing the IP Security Architecture. The provisioning classes defined here provide control of IPsec policy. These provisioning classes can be used with other non-IPsec provisioning classes (defined in other PIB modules) to provide for a comprehensive policy controlled mapping of service requirement to device capability and usage. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-ipsp-ipsecpib-09.txt To remove yourself from the IETF Announcement list, send a message to ietf-announce-request with the word unsubscribe in the body of the message. Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-ipsp-ipsecpib-09.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html(Continue reading)
Attached.
I've added notes to some of the slides and one slide that should have
been there ("Goals"). No slides have been modified.
The most consisten feedback I have received since I made the
presentation is that it was much too long, for which I apologize.
I have also received positive feedback on the concept of IPsec channels,
which is encouraging.
Cheers,
Nico
--
--
Hi Bert, Thanks for your comments on the IPsec PIB draft v9. Modifications have been made to address your comments 1-7 and they are described below. Please also take a look at my reply to your comment #8, since any change will create a discrepancy with RFC 3585, I suggest to leave it as is unless you do not agree. Please let me know if any of the modifications described are still not satisfactory. I look forward to hearing more comments from you on the rest of the draft. At which point, we'll submit a new version. Thanks. Best regards Man > -----Original Message----- > From: ext Wijnen, Bert (Bert) [mailto:bwijnen <at> lucent.com] > Sent: November 19, 2003 12:08 PM > To: Li Man.M (NRC/Boston); 'ho <at> alum.mit.edu'; 'avri <at> apocalypse.org'; > 'lsanchez <at> xapiens.com' > Cc: Steve Bellovin (E-mail); Wijnen, Bert (Bert) > Subject: MIB/PIB doctor review for draft-ietf-ipsp-ipsecpib-09.txt - > part 1 > > > Based on the revision 9 that I received privately: > > 1. I see: > ipSecRuleIfName OBJECT-TYPE > SYNTAX SnmpAdminString > STATUS current > DESCRIPTION(Continue reading)
This CFP posted here, with permission of the WG chairs, to solicit
participation from members of this community.
--
Policy 2004: 5th IEEE International Workshop on Policies
for Distributed Systems and Networks
7-9 June 2004
IBM T.J. Watson Research Centre, Yorktown Heights, New York.
http://www.policy-workshop.org/2004/
The policy workshop aims to bring together researchers and practitioners
working on policy-based systems across a wide range of application areas
including policy-based networking, security management, storage area
networking, and enterprise systems. Policy 2004 is the 5th in a series of
successful workshops which since 1999 have provided a forum for discussion
and collaboration between researchers, developers and users of policy-based
systems. This year, in addition to the latest research results from the
communities working in the areas mentioned above, we encourage
contributions
on policy-based techniques in support of: autonomic computing, ubiquitous
systems and business rules.
Policy 2004 invites contributions in the form of either:
- Technical papers (max. length 10 pages).
- Short position papers describing preliminary experimental results,
experiences with deployed policy systems, and new applications and
(Continue reading)
RSS Feed2 | |
|---|---|
2 | |
1 | |
1 | |
1 | |
9 | |
2 | |
5 | |
14 | |
4 | |
2 | |
1 | |
1 | |
1 | |
3 | |
16 | |
7 | |
1 | |
6 | |
8 | |
1 | |
1 | |
9 | |
21 | |
7 | |
3 | |
7 | |
2 | |
2 | |
1 | |
9 | |
6 | |
1 | |
4 | |
7 | |
6 | |
8 |
