[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Remove tunnel mode from ipsec-tunnels-02?

To: v6ops@ops.ietf.org
Subject: Remove tunnel mode from ipsec-tunnels-02?
From: Pekka Savola <pekkas@netcore.fi>
Date: Wed, 12 Jul 2006 17:19:09 +0300 (EEST)

Hello,

As proposed at the v6ops meeting [0], the authors ofdraft-ietf-v6ops-ipsec-tunnels-02 propose to remove support for tunnelmode in this particular context (securing v6-in-v4 configuredtunnels).

This is due to issues spotted by Francis [1] and Pasi [2]. Generic"::/0 -> ::/0" selectors could not be made to work withoutinterface-specific SPDs, and those cannot be signalled in IKE (that'srun on top of IPv4) when the tunnel would be IPv6 in a standardizedway. Generic selectors are required for link-local traffic (e.g., ND)to work on the tunnel.

If we go through with this proposed resolution,draft-ietf-v6ops-ipsec-tunnels would only describe transport mode.


Comments are welcome.

[0] http://www3.ietf.org/proceedings/06jul/slides/v6ops-4.pdf
[1] http://ops.ietf.org/lists/v6ops/v6ops.2006/msg00159.html
[2] http://ops.ietf.org/lists/v6ops/v6ops.2006/msg00230.html

For the authors of draft-ietf-v6ops-ipsec-tunnels-02,

--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

Follow-Ups:
- Re: Remove tunnel mode from ipsec-tunnels-02?
  - From: Pekka Savola <pekkas@netcore.fi>
- Re: Remove tunnel mode from ipsec-tunnels-02?
  - From: Eric Vyncke <evyncke@cisco.com>

Prev by Date: Fwd: Review of draft-ietf-v6ops-nap-02.txt
Next by Date: RE: Review of draft-ietf-v6ops-nap-02.txt
Previous by thread: draft-narten-ipv6-3177bis-48boundary-02.txt
Next by thread: Re: Remove tunnel mode from ipsec-tunnels-02?
Index(es):
- Date
- Thread