Thanks, Bob, for pointing this out! I overlooked the Appendix where BEET mode 
was defined, so I really appreciate the heads-up.

I noticed we still need to get an IKEv2 notifier to use BEET mode with 
IKEv2. This draft will focus on that and refer to RFC 7402 for the BEET mode ESP
protocol specifications. 

-antony

On Mon, Nov 06, 2023 at 05:45:44AM -0500, Robert Moskowitz wrote:
> I should point out that BEET mode is defined in
> 
> RFC 7402
> 
> This is the basis for the BEET code in the Linux kernel.
> 
> It should incorporate everything in Pekka's older drafts.
> 
> Note that I am a co-author of 7402, but the Ericsson team did all the heavy
> lifting.
> 
> As defined in 7402 it is used in a few products.  Some implementations, I
> have been told, are in US military use.
> 
> Bob
> 
> On 10/27/23 06:17, Antony Antony wrote:
> > Hi,
> > 
> > We've submitted a draft proposal to revive and standardize IPsec BEET mode,
> > which is widely used but had its previous ID expire in 2009. This proposal
> > also includes a suggestion for introducing IKE Notification for negotiation
> > purposes.
> > 
> > We'd appreciate your feedback on this ID. If you're aware of any more use
> > cases for BEET mode, please share them. I would like to add a few more to
> > the ID. The original ID emphasized mobility as a use case, and we're
> > considering whether to keep those aspects in the new proposal. If you use or
> > are likely to use BEET mode with mobility, please share your thoughts.
> > 
> > I'll be discussing these points at the upcoming IETF 118 meeting in Prague.
> > 
> > -antony
> > 
> > 
> > On Mon, Oct 23, 2023 at 09:08:05AM -0700, internet-dra...@ietf.org wrote:
> > > Internet-Draft draft-antony-ipsecme-beet-mode-00.txt is now available.
> > > 
> > >     Title:   A Bound End-to-End Tunnel (BEET) mode for ESP
> > >     Authors: Antony Antony
> > >              Steffen Klassert
> > >     Name:    draft-antony-ipsecme-beet-mode-00.txt
> > >     Pages:   21
> > >     Dates:   2023-10-23
> > > 
> > > Abstract:
> > > 
> > >     This document specifies a new mode for IPsec ESP, known as Bound End-
> > >     to-End Tunnel (BEET) mode.  This mode complements the existing ESP
> > >     tunnel and transport modes, while enhancing end-to-end IPsec usage.
> > >     It offers the characteristics of the tunnel mode but without its
> > >     usual overhead.  The BEET mode is designed to accommodate evolving
> > >     applications of ESP, such as minimalist end-to-end tunnel, mobility
> > >     and multi-address multi-homing.  Additionally, this document proposes
> > >     a new Notify Message, USE_BEET_MODE, for the Internet Key Exchange
> > >     Protocol Version 2 (IKEv2) specified in [RFC7296], to facilitate BEET
> > >     mode Security Association negotiation.
> > > 
> > > The IETF datatracker status page for this Internet-Draft is:
> > > https://datatracker.ietf.org/doc/draft-antony-ipsecme-beet-mode/
> > > 
> > > There is also an HTML version available at:
> > > https://www.ietf.org/archive/id/draft-antony-ipsecme-beet-mode-00.html
> > > 
> > > Internet-Drafts are also available by rsync at:
> > > rsync.ietf.org::internet-drafts
> > > 
> > > 
> > _______________________________________________
> > IPsec mailing list
> > IPsec@ietf.org
> > https://www.ietf.org/mailman/listinfo/ipsec
> 
