Dear all,

IPsec is an important protocol family of the Internet. And we think it may be 
more powerful just by adding a few changes to it.

Source Address Validation (SAV) is a problem that can be partially solved by 
using IPsec or other approaches. However, IPsec AH needs to hash all the 
changeless fields of the variable-length packet and IPsec ESP needs to encrypt 
the whole packet. Therefore AH or ESP are too costly and heavy to 
implement source address validation. We design a new tech mechanism that 
uses RPKI and IPsec to solve the inter-domain SAV problem.

This new mechanism needs to define a new type of IPsec SA used together with 
RPKI to validate the inter-domain layer source address. As it only needs to 
choose a few fields to protect rather than the whole packet, this will 
dramatically decrease the computation cost compared with the original IPsec AH 
or ESP. Thus it may be used globally in the Internet.

Two drafts were submitted for that purpose. One, ERISAV, describes its 
motivation, main framework, and interactive process. The other, RISAV, 
describes the details of how to use RPKI, IKE, and IPsec AH for source 
address validation.

The drafts' links are:
1. https://datatracker.ietf.org/doc/draft-xu-erisav/ 
2. https://datatracker.ietf.org/doc/draft-xu-risav/ 

The above announcement is these drafts. We would like to work with the 
community to improve and clarify these tech drafts.

Best regards.

Yangfei Guo

 
From: internet-drafts
Date: 2022-09-15 16:15
To: Guozhen Dong; Jianping Wu; Ke Xu; Xiaoliang Wang; Yangfei Guo
Subject: New Version Notification for draft-xu-erisav-00.txt
 
A new version of I-D, draft-xu-erisav-00.txt
has been successfully submitted by Yangfei Guo and posted to the
IETF repository.
 
Name: draft-xu-erisav
Revision: 00
Title: Enhance with RPKI and IPsec for the Source Address Validation
Document date: 2022-09-15
Group: Individual Submission
Pages: 8
URL:            https://www.ietf.org/archive/id/draft-xu-erisav-00.txt 
Status:         https://datatracker.ietf.org/doc/draft-xu-erisav/ 
Html:           https://www.ietf.org/archive/id/draft-xu-erisav-00.html 
Htmlized:       https://datatracker.ietf.org/doc/html/draft-xu-erisav 
 
 
Abstract:
   Packet forwarding on Internet typically takes no place with
   inspection of the source address.  Thus malicious attacks or abnormal
   behavior have been launched with the spoofed source addresses.  This
   document describes an inter-domain source address validation with
   RPKI (Resource Public Key Infrastructure) and IPsec (IP Security),
   including the motivation, tech framework, main interactive process,
   and optional extensions.
 
                                                                                
 
 
The IETF Secretariat
 
-------------------------------------------------------------------------------------------------------

A new version of I-D, draft-xu-risav-00.txt
has been successfully submitted by Yangfei Guo and posted to the
IETF repository.

Name: draft-xu-risav
Revision: 00
Title: An RPKI and IPsec-based End-to-End Approach for Source Address Validation
Document date: 2022-09-15
Group: Individual Submission
Pages: 11
URL: https://www.ietf.org/archive/id/draft-xu-risav-00.txt
Status: https://datatracker.ietf.org/doc/draft-xu-risav/
Html: https://www.ietf.org/archive/id/draft-xu-risav-00.html
Htmlized: https://datatracker.ietf.org/doc/html/draft-xu-risav


Abstract:
   Because the Internet forwards packets according to the IP destination
   address, packet forwarding typically takes no place with inspection
   of the source address.  Therefore, malicious attacks or behaviors
   have been launched with spoofed source addresses.  This document
   defines using RPKI (Resource Public Key Infrastructure) and IPsec (IP
   Security) to reinforce the security of source addresses in the inter-
   domain layer.

                                                                                
 


The IETF Secretariat

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec