Hi Folks, As per comments in 124 meeting. Some examples are added, e.g. SRv6 SD-WAN. It is applicable to enterprise SRv6 networks as well, which is within limited domain but extend the boundary to their branches, spread across the nation or globe.
Any comments are welcome. BR, Feng -----邮件原件----- 发件人: [email protected] <[email protected]> 发送时间: 2026年2月9日 15:24 收件人: Changwang Lin <[email protected]>; Feng Yang <[email protected]>; Han Zhang <[email protected]>; Xiaoqiu Zhang <[email protected]>; Zhang Han <[email protected]> 主题: New Version Notification for draft-yang-spring-srv6-verification-03.txt A new version of Internet-Draft draft-yang-spring-srv6-verification-03.txt has been successfully submitted by Feng Yang and posted to the IETF repository. Name: draft-yang-spring-srv6-verification Revision: 03 Title: SRv6 Path Verification Date: 2026-02-09 Group: Individual Submission Pages: 7 URL: https://www.ietf.org/archive/id/draft-yang-spring-srv6-verification-03.txt Status: https://datatracker.ietf.org/doc/draft-yang-spring-srv6-verification/ HTMLized: https://datatracker.ietf.org/doc/html/draft-yang-spring-srv6-verification Diff: https://author-tools.ietf.org/iddiff?url2=draft-yang-spring-srv6-verification-03 Abstract: SRv6 is being rapidly deployed and is currently primarily used in trusted-domain backbone networks. However, we have also observed that SRv6 is beginning to extend toward end-user devices, e.g., in SD-WAN deployments. SD-WAN can be deployed in third-party clouds or at customer sites, causing the physical boundary of SRv6 to become blurred. This introduces certain security risks, such as packet injection and path manipulation attacks. Section 6 of [I-D.draft-ietf-spring-srv6-security] identifies these risks as well, including Section 6.2.1 on Modification Attacks and Section 6.2.3 on Packet Insertion. This proposal mitigates these risks by enhancing the HMAC mechanism defined in [RFC8754]. The IETF Secretariat _______________________________________________ spring mailing list -- [email protected] To unsubscribe send an email to [email protected]
