Joe, The primary scenario for the proposed authentication method is from draft-ietf-rtgwg-multi-segment-sdwan where an additional header (GENEVE Encapsulation [RFC8926]) is added to the encrypted payload to steer packets through underlay networks. In these scenarios, the underlay network edge nodes do not decrypt and re-encrypt the payloads. The header information is used for optimizing packet forwarding in underlay networks and, therefore, resides outside the IPsec ESP header.
It was pointed out that UDP option header can also use this proposed approach. We would like more feedback from the IPsecme community. Thanks, Linda From: Joe Touch <[email protected]> Sent: Monday, October 28, 2024 1:26 PM To: Linda Dunbar <[email protected]> Cc: Tero Kivinen <[email protected]>; Yoav Nir <[email protected]>; [email protected] Subject: Re: [IPsec] Need 10 minutes slot at the IPsecme session Do you mean UDP? On Oct 28, 2024, at 1:20 PM, Linda Dunbar <[email protected]<mailto:[email protected]>> wrote: IPsecme Chairs, We would like a 10minutes slot at the IPsecme session in IETF 121 to discuss this draft: https://datatracker.ietf.org/doc/draft-dunbar-secdispatch-ligthtweight-authenticate/ This document describes lightweight authentication methods to prevent malicious actors tampering with the IP encapsulation headers or metadata carried by the UPD Option Header. We revised the draft to address comments and suggestion during the offline discussion at IETF120. Would like to get more feedback from the IPsecme group of the revision. Thank you. Linda _______________________________________________ IPsec mailing list -- [email protected]<mailto:[email protected]> To unsubscribe send an email to [email protected]<mailto:[email protected]>
_______________________________________________ IPsec mailing list -- [email protected] To unsubscribe send an email to [email protected]
