Welcome to the IPSECME WG Wiki

IPsec is the leading IETF security architecture, providing layer-3 protection for IP traffic. It consists of traffic security protocols (the most important nowadays is ESP) and a key management protocol (IKE, the Internet Key Exchange protocol). Modern IPsec is specified in a series of RFCs, RFC 4301 through RFC 4309. The most important addition is IKEv2, initially specified in RFC 4306, and as full internet standard in RFC7296. Many implementations still follow the previous version of IPsec and IKE version 1, as specified in RFC 2401-2412; it is our goal to ensure smooth transition to the new specifications.

The IPsec Maintenance and Extensions (ipsecme) Working Group is a direct successor of the ipsec Working Group, which was concluded in 2005. In fact ipsecme has inherited the IPsec mailing list (search the list). The WG's charter, which is being periodically refreshed, can be found here. The group is part of the IETF Security Area.

This supplementary page contains related information, including relevant IETF and non-IETF documents, related working groups, and information on relevant events.

Working Group Status

We are currently rechartering and here is working progress charter

Here is a list of the current working group documents and their status.

Shortly before IETF meetings, documents may be hosted in this temporary repository.

Virtual Interim Meetings

The WG sometimes uses a TeamSpeak server for virtual interim meetings. Instructions for using TeamSpeak and the server can be found here.

Past virtual interim meetings:

Related Working Groups and Activities

Following is a partial list of concluded IETF working groups that are directly related to IPsec.

  • BTNS or "better than nothing security", defines IPsec-based security in situations where traditional authentication is difficult.
  • PKI4IPSEC define a certificate and CRL profile that’s applicable to IPsec.
  • MOBIKE is an IPsec extension enabling it to support mobile peers.
  • MSEC is specifying security for multicast traffic. Much of the working group’s work is based on IPsec.

Related non-IETF activities include:

  • Commercial IPsec conformance testing and interoperability efforts, such as VPNC and ICSA.

IPsec RFCs

Please refer to the IPsec Roadmap document, RFC 6071, for an extensive, annotated list of IPsec-related RFCs. Many of the older published IPsec RFCs are listed on the old group’s charter page.

IPsec-Related Academic Publications

We started a collection of academic papers that are useful for implementers of the IPsec protocol suite, and of course of interest to security researchers.

DDoS Protection

The working group has a document in progress about protecting IKE gateways from DDoS. See Protecting Internet Key Exchange (IKE) Implementations from Distributed Denial of Service Attacks.

Some related files are attached to the Temporary Documents page.


If you have any questions about the IPsec suite of standards, please refer them to the IPsec mailing list. Comments on these Web pages are welcome, please contact the WG co-chairs, David Waltermire and Tero Kivinen.

Last modified 5 years ago Last modified on 15/11/17 09:40:53