IPsec is the leading IETF security architecture, providing layer-3 protection for IP traffic. It consists of traffic security protocols (the most important nowadays is ESP) and a key management protocol (IKE, the Internet Key Exchange protocol). Modern IPsec is specified in a series of RFCs, RFC 4301 through RFC 4309. The most important addition is IKEv2, initially specified in RFC 4306, and as full internet standard in RFC7296. Many implementations still follow the previous version of IPsec and IKE version 1, as specified in RFC 2401-2412; it is our goal to ensure smooth transition to the new specifications.
The IPsec Maintenance and Extensions (ipsecme) Working Group is a direct successor of the ipsec Working Group, which was concluded in 2005. In fact ipsecme has inherited the IPsec mailing list (search the list). The WG's charter, which is being periodically refreshed, can be found here. The group is part of the IETF Security Area.
This supplementary page contains related information, including relevant IETF and non-IETF documents, related working groups, and information on relevant events.
We are currently rechartering and here is working progress charter
Here is a list of the current working group documents and their status.
Shortly before IETF meetings, documents may be hosted in this temporary repository.
The WG sometimes uses a TeamSpeak server for virtual interim meetings. Instructions for using TeamSpeak and the server can be found here.
Past virtual interim meetings:
Following is a partial list of concluded IETF working groups that are directly related to IPsec.
Related non-IETF activities include:
Please refer to the IPsec Roadmap document, RFC 6071, for an extensive, annotated list of IPsec-related RFCs. Many of the older published IPsec RFCs are listed on the old group’s charter page.
IPsec-Related Academic Publications
We started a collection of academic papers that are useful for implementers of the IPsec protocol suite, and of course of interest to security researchers.
The working group has a document in progress about protecting IKE gateways from DDoS. See Protecting Internet Key Exchange (IKE) Implementations from Distributed Denial of Service Attacks.
Some related files are attached to the Temporary Documents page.
If you have any questions about the IPsec suite of standards, please refer them to the IPsec mailing list. Comments on these Web pages are welcome, please contact the WG co-chairs, David Waltermire and Tero Kivinen.
The content of this page was last updated on 2017-11-15. It was migrated from the old Trac wiki on 2022-12-14.