Joe, The primary scenario for the proposed authentication method is from draft-ietf-rtgwg-multi-segment-sdwan where an additional header (GENEVE Encapsulation [RFC8926]) is added to the encrypted payload to steer packets through underlay networks. In these scenarios, the underlay network edge nodes do not decrypt and re-encrypt the payloads. The header information is used for optimizing packet forwarding in underlay networks and, therefore, resides outside the IPsec ESP header.
It was pointed out that UDP option header can also use this proposed approach. We would like more feedback from the IPsecme community. Thanks, Linda From: Joe Touch <to...@strayalpha.com> Sent: Monday, October 28, 2024 1:26 PM To: Linda Dunbar <linda.dun...@futurewei.com> Cc: Tero Kivinen <kivi...@iki.fi>; Yoav Nir <ynir.i...@gmail.com>; ipsec@ietf.org Subject: Re: [IPsec] Need 10 minutes slot at the IPsecme session Do you mean UDP? On Oct 28, 2024, at 1:20 PM, Linda Dunbar <linda.dun...@futurewei.com<mailto:linda.dun...@futurewei.com>> wrote: IPsecme Chairs, We would like a 10minutes slot at the IPsecme session in IETF 121 to discuss this draft: https://datatracker.ietf.org/doc/draft-dunbar-secdispatch-ligthtweight-authenticate/ This document describes lightweight authentication methods to prevent malicious actors tampering with the IP encapsulation headers or metadata carried by the UPD Option Header. We revised the draft to address comments and suggestion during the offline discussion at IETF120. Would like to get more feedback from the IPsecme group of the revision. Thank you. Linda _______________________________________________ IPsec mailing list -- ipsec@ietf.org<mailto:ipsec@ietf.org> To unsubscribe send an email to ipsec-le...@ietf.org<mailto:ipsec-le...@ietf.org>
_______________________________________________ IPsec mailing list -- ipsec@ietf.org To unsubscribe send an email to ipsec-le...@ietf.org
