Hi,

Regarding the need to have non-encrypted text in the ESP packet, we had a use case a few years ago for tunnels such as Geneve. NSH may also be something that would need such a property. At that time I proposed something very similar to ESP. I think that is a useful feature to have to enable securing what is currently not secured at all.

https://www.ietf.org/archive/id/draft-mglt-nvo3-geneve-security-architecture-00.txt
https://www.ietf.org/archive/id/draft-mglt-nvo3-geneve-authentication-option-00.txt
https://www.ietf.org/archive/id/draft-mglt-nvo3-geneve-encryption-option-00.txt

Yours,
Daniel

--
Daniel Migault
Ericsson
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec