Hi,

the -11 version of the draft addresses comments from Daniel's last review (see my other message). It also makes changes to the way keys are wrapped - it adds explicit indication of key wrap algorithm (via new transform attribute), and thus changes the key wrap format. The changes are based on this discussion: https://mailarchive.ietf.org/arch/msg/cfrg/Y6OxWjFP8Rp7jHxOrckEIJf6yD4/

The draft also has a lot of fixes and clarifications. Hope it is now clearer and is ready for forwarding. Please review the changes.

Regards,
Valery (and Brian).

> Internet-Draft draft-ietf-ipsecme-g-ikev2-11.txt is now available. It is a work item of
> the IP Security Maintenance and Extensions (IPSECME) WG of the IETF.
>
>    Title:   Group Key Management using IKEv2
>    Authors: Valery Smyslov
>             Brian Weis
>    Name:    draft-ietf-ipsecme-g-ikev2-11.txt
>    Pages:   74
>    Dates:   2024-02-26
>
> Abstract:
>
>    This document presents an extension to the Internet Key Exchange
>    version 2 (IKEv2) protocol for the purpose of a group key management.
>    The protocol is in conformance with the Multicast Security (MSEC) key
>    management architecture, which contains two components: member
>    registration and group rekeying. Both components are required for a
>    GCKS (Group Controller/Key Server) to provide authorized Group
>    Members (GMs) with IPsec group security associations. The group
>    members then exchange IP multicast or other group traffic as IPsec
>    packets.
>
>    This document obsoletes RFC 6407. This document also updates RFC
>    7296 by renaming a transform type 5 from "Extended Sequence Numbers
>    (ESN)" to the "Replay Protection (RP)" and by renaming IKEv2
>    authentication method 0 from "Reserved" to "NONE".
>
> The IETF datatracker status page for this Internet-Draft is:
> https://datatracker.ietf.org/doc/draft-ietf-ipsecme-g-ikev2/
>
> There is also an HTMLized version available at:
> https://datatracker.ietf.org/doc/html/draft-ietf-ipsecme-g-ikev2-11
>
> A diff from the previous version is available at:
> https://author-tools.ietf.org/iddiff?url2=draft-ietf-ipsecme-g-ikev2-11
>
> Internet-Drafts are also available by rsync at:
> rsync.ietf.org::internet-drafts
>
>
> _______________________________________________
> IPsec mailing list
> IPsec@ietf.org
> https://www.ietf.org/mailman/listinfo/ipsec