Attached are the presentations as ipsra-49.tar.gz. The minutes were:

IPSRA WG, San Diego, December 12, 2000

The agenda was approved without changes.

** IPSRA Requirements document
draft-ietf-ipsra-reqmts-02.txt was posted to the mailing list after draft cutoff date. There was a quesition from the floor: why were byte counts removed as requirements? Answer: discussion from Pittburgh and the list. This led to a discussion of problems of definitons of the WG work. People who want to emphasize remote access (as compared to emphasizing security) feel that they are not being heard. Some people feel that Remote Access is how most people connect to the Internet (usually dial-in through untrusted ISP), not a connection with a fixed IP address; others disagreed. Decision: look again at the charter.

** GetCert document
draft-ietf-ipsra-getcert-00.txt was presented. A comment from the floor was that SCEP was broken and should not be used; the response was that GetCert uses only a part of SCEP that isn't broken. It was pointed out that GetCert only handles half-trip or one round trip authentication, although it is not clear whether this is much of a problem in most cases. The CA must make security policy for SSL connection. The client must start with the appropriate root certificate; this may assume a public SSL root similar to the ecommerce model.

** PIC document
draft-ietf-ipsra-pic-01.txt has many changes from -00. It now uses EAP (RFC 2284) instead of XAuth, it uses a new ISAKMP exchange type, and it eliminates one round trip. A comment from the floor indicated that PIC will be open to the same attacks as agressive-mode IKE.

** IKE DHCP document
draft-ietf-ipsec-dhcp-08.txt is in Working Group last call. There was a discussion of MUST/SHOULD/MAY for the quick mode ID payload which needs to be resolved on the list. There was also a suggestion to add something from the user's certificate for the DHCP user ID.

Steps forward:
--wrap up DHCP in next two weeks, send to the IESG
--choose between GetCert and PIC sometime in January