The IESG has received a request from the IP Performance Metrics WG (ippm) to consider the following document: - 'IKEv2-based Shared Secret Key for O/TWAMP' <draft-ietf-ippm-ipsec-08.txt> as Proposed Standard The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2015-02-09. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract The O/TWAMP security mechanism requires that both the client and server endpoints possess a shared secret. Since the currently- standardized O/TWAMP security mechanism only supports a pre-shared key mode, large scale deployment of O/TWAMP is hindered significantly. At the same time, recent trends point to wider IKEv2 deployment which, in turn, calls for mechanisms and methods that enable tunnel end-users, as well as operators, to measure one-way and two- way network performance in a standardized manner. This document describes the use of keys derived from an IKEv2 SA as the shared key in O/TWAMP. If the shared key can be derived from the IKEv2 SA, O/ TWAMP can support certificate-based key exchange, which would allow for more operational flexibility and efficiency. The key derivation presented in this document can also facilitate automatic key management. The file can be obtained via http://datatracker.ietf.org/doc/draft-ietf-ippm-ipsec/ IESG discussion can be tracked via http://datatracker.ietf.org/doc/draft-ietf-ippm-ipsec/ballot/ No IPR declarations have been submitted directly on this I-D.
