----------------------------------------------------------------------
Note: As we did not have a full-time scribe proper, this file
compiles the various notes and action items coming from the meeting.
----------------------------------------------------------------------

MSEC WG Meeting Summary & Notes, IETF57 Vienna
----------------------------------------------

The MSEC WG met on Monday night (14 July 2003), with presentations
and updates on the current drafts. Presentations were given on
GSAKMP, MIKEY, FMKE, DHHMAC and the GKM Architecture draft.

The Re-Charter and New Milestones have been approved by the ADs,
but the Re-Charter must be further approved by the IESG.

(1) GSAKMP:
-----------

- The GSAKMP protocol will now be aimed at Standards Track
  (with the GSAKMP-Light draft being deprecated).

- Although there is a close relationship between the Policy Token
  and GSAKMP, the Token should be usable with other group-key
  management protocols and in various areas of application.

- Some GSAKMP discussion points:

  Lakshminath: We need to standardize GSAKMP and the policy token
  drafts together.

  Hugh: The current policy token is written for IPsec SAs, but one
  could develop a policy token for any other data security protocol.

  Lakshminath: Can GSAKMP actually work without a policy token?

  Hugh: You need a policy token.

  Lakshminath: Then, we need that base spec as part of the GSAKMP RFC

  Haitham: Commented that the current spec without the policy token
  is good for interoperability of GSAKMP implementations.

  Thomas: A possible way forward would be to define a "base-profile"
  for the token containing fields common to the various key
  management protocols. Area-specific needs would then be satisfied
  by adding additional fields ("extensions") to the Token.
  The Policy Token cannot, therefore, be Informational (i.e. it must
  be aimed at Experimental, at least).

(2) MIKEY and DHHMAC:
---------------------

- Most (if not all) issues with regards to MIKEY have been resolved.
  The DH Mode is now optional, while additional text has been added
  regarding defining new DH groups and regarding AES Key Wrap
  (suggestion from Russ, AD).

- Since MIKEY has been in WG Last Call status since the last IETF-56,
  its Last Call must be ended at a given date (decided to be
  1 August 2003).

- The WG last call for the DHHMAC draft will follow soon after
  MIKEY's closing last call. For DHHMAC, this is tentatively
  1 September 2003.

- Some MIKEY discussion points:

  Lakshminath(?): Is delegated authorization handled?

  Fredrik: No, it is not handled in MIKEY, but left for further
  extensions

(3) GKM-Architecture:
---------------------

- Extensive discussion on this draft, particularly on whether or not
  it should contain feature-comparisons of the key management
  protocols.

- One suggestion was to limit the contents of this document to
  architecture-level descriptions and the explanation of
  Group Security Associations (GSA).

- Since it was agreed that some guidance document was needed for
  implementers, the text (in the GKM-Arch draft) describing
  feature-comparisons will be split off into a new draft
  (tentatively titled "Guidance to choosing MSEC Key Management
  Protocols" or similar). Lakshminath, Hugh and Thomas will be
  initial contributors to this draft. Other authors sought.

(4) FMKE Presentation
---------------------

Discussion after presentation

  Sebastien: Phase 2 has just two messages

  Lakshminath objected. Phase 2 is not clear. The GCKS seems to be
  sending an SA to members without the member asking to join a
  given group.

  Ans: It is part of configuration?

  Thomas: Is the FMKE draft aimed at Informational or Experimental?

  Lakshminath: Let us take this to the list.

(5) Action Items:
-----------------

(a) Last Call closing date for MIKEY draft Friday 1 August 2003
    (or the IESG Last Call closing date, whichever comes first).

(b) Last Call closing date for MSEC Architecture draft
    Friday 8 August 2003.

(c) Last Call announcement for GKM Architecture draft will be
    sent out Friday 1 August 2003 (closing date of 1 September 2003).

(d) Last Call announcement for DHHMAC draft will be sent out
    Friday 1 August 2003 (closing date of 1 September 2003).

(6) Others:
-----------

- A separate LKH-Algorithm draft is needed in order to help in
  implementations. Lakshminath will continue this effort
  (ps. other authors sought after).

----------------------------------------------------------------------