Linda Dunbar <linda.dun...@futurewei.com> wrote:
> We presented the 01 version at the Alldispatch session in IETF120. The
> feedback was the mechanism should be discussed in the IPsecme group.
Well, my feedback, at the MIC, at Vancouver was that you needed a new key
agreement protocol that could share keys with the intermediate routers, and
that was not going to be IKEv2, and so you needed a new effort.
> Linda Dunbar <linda.dun...@futurewei.com> wrote:
>> The primary scenario for the proposed authentication method is from
draft-ietf-rtgwg-multi-segment-sdwan
>> where an additional header (GENEVE Encapsulation [RFC8926]) is added to
>> the encrypted payload to steer packets through underlay networks. In
>> these scenarios, the underlay network edge nodes do not decrypt and
>> re-encrypt the payloads. The header information is used for optimizing
>> packet forwarding in underlay networks and, therefore, resides outside
>> the IPsec ESP header.
> So, why is this an IPsec problem/concern?
> --
> Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works
> -= IPv6 IoT consulting =- *I*LIKE*TRAINS*
--
Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works
-= IPv6 IoT consulting =- *I*LIKE*TRAINS*
signature.asc
Description: PGP signature
_______________________________________________ IPsec mailing list -- ipsec@ietf.org To unsubscribe send an email to ipsec-le...@ietf.org
