The protocol widely used to set up VPN tunnels is potentially insecure and work on extending its use should be halted, according to The Internet Engineering Task Force (IETF).
Administrative groups within the IETF have put a temporary moratorium on extensions to Internet Key Exchange (IKE) without saying how long the moratorium should last.
"It is fairly clear work on IKE should focus on fixing identified weaknesses in the protocol rather than adding features that detract from the goal of simplicity and correctness," according to a memo from the directors of the IETF's Security Area.
IKE performs several functions including authenticating endpoints of VPN tunnels, deciding which encryption and authentication algorithms would be used in a session, generating encryption keys and managing them.
IKE is one of many protocols rolled up into IPSec, a widely accepted method of establishing VPNs that establish secure links across the Internet and other IP networks.
The IETF is scheduled to meet this week in London to discuss proposed IKE extensions.
"If IKE is vulnerable, we must all share a burden of responsibility for allowing it to get to the state it is in and we must all work together to correct the problem. The IPSec community must act prudently in moving forward with a replacement for IKE," the moratorium memo says.
