Minutes of IPSec Policy, IPSP, 55th IETF, Monday, November 18, 3:30 pm EST

Attendance at the meeting was over 100 people. The meeting opened with agenda bashing and a status of the WG documents. The policy configuration documents are within epsilon of being ready to present to the IESG for a request for promotion to Proposed Standard. Other Working Group items need discussion and decisions about direction.

The Area Director, Steve Bellovin, verified that he alone has looked at the submitted documents and that he provided feedback to the document authors. The IESG as a whole has not yet seen them. The AD comments are summarized in the Chairs' presentation.

Man Li asked if AES must be added to the supported algorithms list, and the answer was yes. Another question was whether or not the lifetime counters should be specified at 64-bits in the IPSec architecture document. The answer is no, but we should make sure that the IPSec group is aware of the need to match the lifetime counter size to the linespeed. For configuration, we have chosen 64-bits because it is large enough for all expected needs.

Eric Vyncke presented the IPSec Configuration Policy Model status. In response to his comments that the ICPM is fairly abstract and is not expected to have much in the way of concrete security considerations, Steve Bellovin commented that he expects the WGs in the security area to have expertise for writing good security considerations sections. Luis Sanchez replied that the Architecture document will be revived for use as a normative reference, and this will answer many of the questions for security considerations. The ICPM revisions based on AD feedback will be incorporated and the document will be resubmitted very soon. The WG Chairs will notify the AD when the new documents are available, and this will alert him to begin tracking the document through the IESG document tracker.

Man Li presented the Policy Information Base (PIB) document.
This document is complete, modulo the 64-bit counters.

Robert Story presented a summary of the MIB document. The MIB extends the ICPM with a generic offset in the iPHeaderFilter. This document is nearly done, normative and non-normative references have been added, and the AD comments on the other documents will be addressed in this document as well. The next version will be available very soon.

Demonstrations of the freely available reference release of the net-policy project (net-policy.sf.net) were available during the conference (http://net-policy.sourceforge.net for Linux and PlutoPlus + Apache + perl for GUI). An informal poll showed that a handful of attendees are planning to use PIBs or MIBs in projects in the very near future. The demonstrations could be given by the above 3 people.

Bill Sommerfeld presented the PF_POLICY concept, which is one part of a three-part API for IPSec: IPSec management, PF_POLICY, PF_KEY. He was asked several questions about how PF_KEY might change and what the status of documentation and implementation is. He said that some minor parts of the implementation were done and that he needed time to write up the documentation. He got a volunteer to assist in writing a requirements document. We can expect a document on PF_POLICY by second quarter 2003.

Michael Richardson re-presented slides about policy discovery. We need further discussion on the mailing list about how this might be used for enterprise and ISP scenarios.