Linda Dunbar <linda.dun...@futurewei.com> wrote:
> The primary scenario for the proposed authentication method is from
draft-ietf-rtgwg-multi-segment-sdwan
> where an additional header (GENEVE Encapsulation [RFC8926]) is added to
> the encrypted payload to steer packets through underlay networks. In
> these scenarios, the underlay network edge nodes do not decrypt and
> re-encrypt the payloads. The header information is used for optimizing
> packet forwarding in underlay networks and, therefore, resides outside
> the IPsec ESP header.So, why is this an IPsec problem/concern? -- Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works -= IPv6 IoT consulting =- *I*LIKE*TRAINS*
signature.asc
Description: PGP signature
_______________________________________________ IPsec mailing list -- ipsec@ietf.org To unsubscribe send an email to ipsec-le...@ietf.org
