[OpenSWAN dev]
Gregory Lebovitz: [Pki4ipsec] Revised Charter -06 (as body text)
Michael Richardson
mcr at sandelman.ottawa.on.ca
Mon Dec 8 18:22:05 CET 2003
I was at the BOF, and I expect OS2 to comply with the documents.
Your participation in the WG would be appreciated.
From: Gregory Lebovitz <Gregory at netscreen.com>
To: "'pki4ipsec at icsalabs.com'" <pki4ipsec at icsalabs.com>
Subject: [Pki4ipsec] Revised Charter -06 (as body text)
Date: Mon, 8 Dec 2003 12:00:03 -0800
PROPOSED CHARTER FOR PKI4IPSEC
DESCRIPTION:
IPsec has been standardized for over 5 years, and the use of
X.509 certificates has been specified within the IPsec
standards for the same time. However, very few IPsec
deployments use certificates. One reason is the lack of a
clear description of how X.509 certificates should be used
with IPsec. Another is the lack of a simple, scalable, and
clearly specified way for IPsec systems to obtain certificates
and perform other certificate lifecycle operations with PKI systems.
THE WG WILL DELIVER:
1) A standards-track document that gives specific
instructions on how X.509 certificates should be
handled with respect to the IKEv1 and IKEv2 protocols.
This document will include a certificate profile, addressing
which fields in the certificate should have which
values and how those values should be handled. This effort is
the WG's primary priority.
2) An informational document identifying and describing
requirements for a profile of a certificate management protocol to
handle PKI enrolment as well as certificate lifecycle interactions
between IPsec VPN systems and PKI systems. Enrolment is defined
as certificate request and retrieval. Certificate lifecycle
interactions are defined as certificate renewals/changes, revocation,
validation, and repository lookups.
These requirements will be designed so that they meet
the needs of enterprise scale IPsec VPN deployments.
Once the above two items enter WG last call, we will begin work on:
3) A standards-track document describing a detailed
profile of the CMC protocol that meets the requirements
laid out in the requirements document. Profile documents for other
enrolment and/or management protocols may also be created.
SCOPE
The working group will focus on the needs of enterprise scale
IPsec VPN deployments. Gateway-to-gateway access (tunnel mode) and end-user
remote access to a gateway (either tunnel or transport mode) are both in
scope.
NON-GOALS
User-to-user IPsec connections will be considered, but are not explicitly in
scope. We will consider the requirements for this scenario only until doing
so significantly slows the progress of the explicitly scoped items, at which
point it will be dropped.
Specification of communications between an IPsec administrative
function and IPsec systems is explicitly out of scope.
Purely PKI to PKI issues will not be addressed. Cross-certification will not
be addressed. Long term non-repudiation will also not be
addressed.
MILESTONES
Jan 2004 Post Certificate Profile as an Internet Draft
Feb 2004 Post Management Protocol Profile Requirements as I-D
Mar 2004 Submit Certificate Profile as WG last call
Apr 2004 Rev Requirements for management protocol profile as needed
May 2004 Submit Certificate Profile to IESG, Proposed Standard
May 2004 Submit Requirements for Management Protocol Profile as WG last call
Jun 2004 WG decision on other Enrolment/Management protocols to profile
Jul 2004 Submit Requirements for Management protocol Profile to IESG, Informational
Jul 2004 Post CMC for IPsec VPN Profile as Internet Draft
Jul 2004 Post other enrolment/management profiles as I-D
Sep 2004 Rev CMC for IPsec VPN profile as needed
Sep 2004 Rev other enrolment/management profiles as needed
Nov 2004 CMC for IPsec VPN profile to WG last call
Nov 2004 other enrolment/management profiles to WG last call
Jan 2005 Submit CMC for IPsec VPN Profile to IESG, Proposed Standard
Jan 2005 Submit other Profiles for enrolment/management to IESG, Proposed Standard
Feb 2005 Re-charter or close
+--------------------++--------------------+
Gregory M. Lebovitz NetScreen
Architect, CTO Office 805 11th Ave. Bldg. 3
O: +01 (1)408 543 8002 Sunnyvale, CA 94089
E: gregory at netscreen.com NASDAQ: NSCN
_______________________________________________
pki4ipsec mailing list
pki4ipsec at honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/pki4ipsec