Linda Dunbar <[email protected]> wrote: > We presented the 01 version at the Alldispatch session in IETF120. The > feedback was the mechanism should be discussed in the IPsecme group.
Well, my feedback, at the MIC, at Vancouver was that you needed a new key
agreement protocol that could share keys with the intermediate routers, and
that was not going to be IKEv2, and so you needed a new effort.
> Linda Dunbar <[email protected]> wrote:
>> The primary scenario for the proposed authentication method is from
draft-ietf-rtgwg-multi-segment-sdwan
>> where an additional header (GENEVE Encapsulation [RFC8926]) is added to
>> the encrypted payload to steer packets through underlay networks. In
>> these scenarios, the underlay network edge nodes do not decrypt and
>> re-encrypt the payloads. The header information is used for optimizing
>> packet forwarding in underlay networks and, therefore, resides outside
>> the IPsec ESP header.
> So, why is this an IPsec problem/concern?
> --
> Michael Richardson <[email protected]>, Sandelman Software Works
> -= IPv6 IoT consulting =- *I*LIKE*TRAINS*
--
Michael Richardson <[email protected]>, Sandelman Software Works
-= IPv6 IoT consulting =- *I*LIKE*TRAINS*
signature.asc
Description: PGP signature
_______________________________________________ IPsec mailing list -- [email protected] To unsubscribe send an email to [email protected]
