**Session Date/Time:** 23 Jul 2024 22:30

# ipsecme

## Summary

The IPSECME working group met to discuss several draft proposals related to IPsec and IKEv2. Topics included delete reason notifications, SATS payload enhancements, ESP ECHO protocol, encrypted ESP ping, BEET mode negotiation, multiple sequence counters, a new ESP proposal (ESPv2), diet ESP header compression, FrodoKEM integration with IKEv2, and signature authentication in IKEv2 for quantum resistance. The meeting focused on technical discussion and gathering feedback on the various drafts. Several topics were deferred to the mailing list for further discussion and clarification.

## Key Discussion Points

* **Delete SA Reason:** Discussion around the usefulness and language encoding of free-form text within the delete reason notification payload. Concerns were raised regarding potential injection attacks.
* **SATS Payload:** Minor fixes and upcoming interoperability testing were mentioned.
* **Child PFS Info:** Debate on whether to limit the scope to the simple use case (saving bytes during re-keying) or to address more complex scenarios tying key exchange methods to specific cipher suites.
* **No Replay Protection Support Notification:** Discussion about decoupling extended sequence numbers (ESN) and anti-replay, and whether this should be addressed in the draft.
* **ESP ECHO Protocol:** Discussion regarding the use cases, particularly whether the protocol should be used only before IKE SA establishment or periodically after, and clarification on how it impacts multiple ways of establishing IPsec.
* **Encrypted ESP Ping:** Discussion of its utility as a pre-flight check compared to encrypted ESP ping after IKE SA establishment, and its applicability to mobile scenarios.
* **BEET Mode Negotiation:** Standardizing BEET mode and its associated IKEv2 code point. Discussion on whether to update RFC 7402 or create a separate RFC. Concerns raised about whether changes went beyond a pure "bis".
* **Multiple Sequence Counters:** Presentation on an informational draft and discussion on whether to adopt it as a WG document.
* **Rapid ESP (ESPv2):** Proposal for a new version of ESP. Debate on whether to request a new IP protocol number or repurpose the existing Wrapped ESP (WESP) number.
* **Diet ESP (Header Compression):** Challenges related to compressing ECN and DSCP bits in tunnel mode, and concerns around security implications and existing usage patterns.
* **FrodoKEM Integration with IKEv2:** Discussion about the large public key and ciphertext sizes and questions on aligning with ISO standardization progress.
* **Signature Authentication in IKEv2 for Quantum Resistance:** Introducing post-quantum signature algorithms in IKEv2 and leveraging existing signature authentication methods.

## Decisions and Action Items

* **Delete SA Reason:** Take discussion to the mailing list to determine the language encoding and necessity of free-form text in the notification.
* **Child PFS Info:** Take discussion to the mailing list regarding the implementation of a single-bit solution covering the simple use case.
* **No Replay Protection Support Notification:** Bring up discussion regarding RFC 3043 and the separation of anti-replay from ESN to the mailing list.
* **ESP ECHO Protocol:** More comments and feedback requested on the list.
* **BEET Mode Negotiation:** Discuss updating RFC 7402 versus creating a new RFC with Bob and bring the question up to the mailing list.
* **Multiple Sequence Counters:** The chairs will check the draft in the WG and do a working group last call.
* **Rapid ESP (ESPv2):** Decide on requesting a new IP protocol number and bring it to the transport area.
* **Paul Wouters:** To create mailing list threads for drafts to discuss readiness for adoption or last call.

## Next Steps

* Continue discussions on the mailing list for outstanding issues.
* Paul Wouters to start threads for his drafts to assess readiness for adoption or last call.
* The chairs to evaluate the Multiple Sequence Counters draft and potentially initiate a working group last call.
* Next meeting in Dublin/Helsinki.