Hi all, We've just posted a new version of draft-li-spring-srv6-security-consideration. This document describes various threats and security concerns related to SRv6 networks and existing approaches to solve these threats.
According to the comments received from IETF 116, we made the following main updates: 1) Reorganize the content of the document. Threats analysis first, and then solutions. 2) Security implications are categorized into: Vulnerabilities of SIDs/SRH, Vulnerabilities Inherited from IPv6, and Implications on Security Device. 3) In the solution section, introduce ACL filtering first, followed with HMAC, SAV, IPSec, etc. 4) Add some descriptions on operational considerations. 5) Some other clarifications. Looking forward to WG's comments and inputs. Best, Nan A new version of I-D, draft-li-spring-srv6-security-consideration-11.txt has been successfully submitted by Nan Geng and posted to the IETF repository. Name: draft-li-spring-srv6-security-consideration Revision: 11 Title: Security Considerations for SRv6 Networks Document date: 2023-07-24 Group: Individual Submission Pages: 13 URL: https://www.ietf.org/archive/id/draft-li-spring-srv6-security-consideration-11.txt Status: https://datatracker.ietf.org/doc/draft-li-spring-srv6-security-consideration/ Html: https://www.ietf.org/archive/id/draft-li-spring-srv6-security-consideration-11.html Htmlized: https://datatracker.ietf.org/doc/html/draft-li-spring-srv6-security-consideration Diff: https://author-tools.ietf.org/iddiff?url2=draft-li-spring-srv6-security-consideration-11 Abstract: SRv6 inherits potential security vulnerabilities from source routing in general, and also from IPv6. This document describes various threats and security concerns related to SRv6 networks and existing approaches to solve these threats. The IETF Secretariat _______________________________________________ spring mailing list spring@ietf.org https://www.ietf.org/mailman/listinfo/spring
