I don't understand how "transport mode" can work for non-originated packets; for IPv6, inserting random headers along the path would violate 8200.

On Thu, Oct 20, 2022 at 7:23 AM Ben Schwartz <bemasc= 40google....@dmarc.ietf.org> wrote:

> Hello IPSEC,
>
> We've just put out an extensively revised version of our RISAV proposal
> (the I stands for IPsec). We'd like to start getting feedback from the
> IPsec experts. We're also hoping to present this idea and solicit feedback
> at IETF 115.
>
> This is an early stage proposal with a lot of open questions (many of
> which are noted in the draft), but the core idea is simple: use RPKI to
> bootstrap an authenticated IPsec association between the source and
> destination ASes of Internet traffic, so that inauthentic packets can be
> discarded before they reach their destination.
>
> --Ben Schwartz
>
> ---------- Forwarded message ---------
>
> A new version of I-D, draft-xu-risav-02.txt
> has been successfully submitted by Benjamin Schwartz and posted to the
> IETF repository.
>
> Name: draft-xu-risav
> Revision: 02
> Title: An RPKI and IPsec-based AS-to-AS Approach for Source Address Validation
> Document date: 2022-10-20
> Group: Individual Submission
> Pages: 17
> URL: https://www.ietf.org/archive/id/draft-xu-risav-02.txt
> Status: https://datatracker.ietf.org/doc/draft-xu-risav/
> Html: https://www.ietf.org/archive/id/draft-xu-risav-02.html
> Htmlized: https://datatracker.ietf.org/doc/html/draft-xu-risav
> Diff: https://www.ietf.org/rfcdiff?url2=draft-xu-risav-02
>
> Abstract:
> This document presents RISAV, a protocol for establishing and using
> IPsec security between Autonomous Systems (ASes) using the RPKI
> identity system. In this protocol, the originating AS adds
> authenticating information to each outgoing packet at its Border
> Routers (ASBRs), and the receiving AS verifies and strips this
> information at its ASBRs. Packets that fail validation are dropped
> by the ASBR. RISAV achieves Source Address Validation among all
> participating ASes.
>
> The IETF Secretariat
>
> _______________________________________________
> IPsec mailing list
> IPsec@ietf.org
> https://www.ietf.org/mailman/listinfo/ipsec