guoyang...@zgclab.edu.cn <guoyangfei=40zgclab.edu...@dmarc.ietf.org> wrote:
    > IPsec is an important protocol family of the Internet. And we think it
    > may be more powerful just by adding a few changes to it.

    > Source Address Validation (SAV) is a problem that can be partially
    > solved by using IPsec or other approaches. However, IPsec AH needs to
    > hash the whole changeless fields of the length-variable packet and
    > IPsec ESP needs to encrypt the whole packet. Therefore the AH or ESP
    > are too costly and heavy to implement the source address
    > validation. We design a new tech mechanism that uses RPKI and IPsec to
    > solve the inter-domain SAV problem.

It's not the AH/ESP that's costly, it's the key agreement protocol that
takes time.

    > This new mechanism needs to define a new type of IPsec SA using
    > together with RPKI to validate the inter-domain layer source
    > address. As it only needs to choose a few fields to protect but not
    > the whole packet, this will dramatically decrease the computation cost
    > compared with the original IPsec AH or ESP. Thus it may be used
    > globally in the Internet.

Yes, maybe.
You may want to look at TF-ESP, which is a failed protocol.
RFC5840.

    > Two drafts were submitted for that purpose. The one, ERISAV, describes
    > its motivation, main framework, and interactive process. And the other,
    > RISAV, describes detailed things about how to use RPKI, IKE, and IPsec
    > AH for source address validation.

    > The drafts' links are
    > 1. https://datatracker.ietf.org/doc/draft-xu-erisav/
    > 2. https://datatracker.ietf.org/doc/draft-xu-risav/

    > The above announcement is these drafts. We would like to work with the
    > community to improve and clarify these tech drafts.

They aren't yet mirrored to my laptop, but I'll read them as soon as I
have Internet again.


--
Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-




_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec