I should point out that BEET mode is defined in
rfc 7402
This is the basis for the BEET code in the Linux kernel.
It should incorporate everything in Pekka's older drafts.
Note that I am a co-author of 7402, but the Ericsson team did all the
heavy lifting.
As defined in 7402 it is used in a few products. Some implementations,
I have been told, are in US military use.
Bob
On 10/27/23 06:17, Antony Antony wrote:
Hi,
We've submitted a draft proposal to revive and standardize IPsec BEET mode,
which is widely used but had its previous ID expire in 2009. This proposal
also includes a suggestion for introducing IKE Notification for negotiation
purposes.
We'd appreciate your feedback on this ID. If you're aware of any more use
cases for BEET mode, please share them. I would like to add a few more to
the ID. The original ID emphasized mobility as use case, and we're
considering whether to keep those aspects in the new proposal. If you use or
likely to use BEET mode with mobility please share your thoughts.
I'll be discussing these points at the upcoming IETF 118 meeting in Prague.
-antony
On Mon, Oct 23, 2023 at 09:08:05AM -0700, internet-dra...@ietf.org wrote:
Internet-Draft draft-antony-ipsecme-beet-mode-00.txt is now available.
Title: A Bound End-to-End Tunnel (BEET) mode for ESP
Authors: Antony Antony
Steffen Klassert
Name: draft-antony-ipsecme-beet-mode-00.txt
Pages: 21
Dates: 2023-10-23
Abstract:
This document specifies a new mode for IPsec ESP, known as Bound End-
to-End Tunnel (BEET) mode. This mode complements the existing ESP
tunnel and transport modes, while enhancing end-to-end IPsec usage.
It offers the characteristics of the tunnel mode but without its
usual overhead. The BEET mode is designed to accommodate evolving
applications of ESP, such as minimalist end-to-end tunnel, mobility
and multi-address multi-homing. Additionally, this document proposes
a new Notify Message, USE_BEET_MODE, for the Internet Key Exchange
Protocol Version 2 (IKEv2) specified in [RFC7296], to facilitate BEET
mode Security Association negotiation.
The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-antony-ipsecme-beet-mode/
There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-antony-ipsecme-beet-mode-00.html
Internet-Drafts are also available by rsync at:
rsync.ietf.org::internet-drafts
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec