The original drafts were trying to do this for IPsec and HIP.  But in '08, IPsec said no.  So anything related to IKE was dropped. Good that you are picking this up.

I included Ari as I think he is the only one here that was involved with this effort (besides me).

As you are looking at perhaps really making a BEET-bis, we are going to have to look at how this affects HIP's use.

On 11/8/23 15:43, Antony Antony wrote:
Thanks, Bob, for pointing this out! I overlooked the Appendix where BEET mode
was defined, so I really appreciate the heads-up.

I noticed we still need to get an IKEv2 notifier to use BEET mode with
IKEv2. This draft will focus on that and refer to RFC 7402 for the BEET mode ESP
protocol specifications.

-antony

On Mon, Nov 06, 2023 at 05:45:44AM -0500, Robert Moskowitz wrote:
I should point out that BEET mode is defined in

RFC 7402

This is the basis for the BEET code in the Linux kernel.

It should incorporate everything in Pekka's older drafts.

Note that I am a co-author of 7402, but the Ericsson team did all the heavy
lifting.

As defined in 7402 it is used in a few products.  Some implementations, I
have been told, are in US military use.

Bob

On 10/27/23 06:17, Antony Antony wrote:
Hi,

We've submitted a draft proposal to revive and standardize IPsec BEET mode,
which is widely used but had its previous ID expire in 2009. This proposal
also includes a suggestion for introducing IKE Notification for negotiation
purposes.

We'd appreciate your feedback on this ID. If you're aware of any more use
cases for BEET mode, please share them. I would like to add a few more to
the ID. The original ID emphasized mobility as a use case, and we're
considering whether to keep those aspects in the new proposal. If you use or
are likely to use BEET mode with mobility, please share your thoughts.

I'll be discussing these points at the upcoming IETF 118 meeting in Prague.

-antony


On Mon, Oct 23, 2023 at 09:08:05AM -0700, [email protected] wrote:
Internet-Draft draft-antony-ipsecme-beet-mode-00.txt is now available.

     Title:   A Bound End-to-End Tunnel (BEET) mode for ESP
     Authors: Antony Antony
              Steffen Klassert
     Name:    draft-antony-ipsecme-beet-mode-00.txt
     Pages:   21
     Dates:   2023-10-23

Abstract:

     This document specifies a new mode for IPsec ESP, known as Bound End-
     to-End Tunnel (BEET) mode.  This mode complements the existing ESP
     tunnel and transport modes, while enhancing end-to-end IPsec usage.
     It offers the characteristics of the tunnel mode but without its
     usual overhead.  The BEET mode is designed to accommodate evolving
     applications of ESP, such as minimalist end-to-end tunnel, mobility
     and multi-address multi-homing.  Additionally, this document proposes
     a new Notify Message, USE_BEET_MODE, for the Internet Key Exchange
     Protocol Version 2 (IKEv2) specified in [RFC7296], to facilitate BEET
     mode Security Association negotiation.

The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-antony-ipsecme-beet-mode/

There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-antony-ipsecme-beet-mode-00.html

Internet-Drafts are also available by rsync at:
rsync.ietf.org::internet-drafts


_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec