Use of IPsec Transport Mode for Dynamic Routing
RFC 3884

Approval announcement
Draft of message to be sent after approval:

From: The IESG
To: RFC Editor
Cc: The IESG
Subject: Re: Informational RFC to be: 

The IESG has no problem with the publication of 'Use of IPsec Transport 
Mode for Dynamic Routing' <draft-touch-ipsec-vpn-08.txt> as an 
Informational RFC. 

The IESG would also like the IRSG or RFC-Editor to review the comments in 
the datatracker related to this document and determine whether or not they 
merit incorporation into the document. Comments may exist in both the 
ballot and the comment log. 

The IESG contact person is Russ Housley.

A URL of this Internet-Draft is:

The process for such documents is described at

Thank you,

The IESG Secretary

Technical Summary

  IPsec can be used to secure the links of a virtual private network
  (VPN).  Virtual links established by IPsec tunnel mode conflict with
  routing and forwarding inside the virtual network, due to the IP
  routing dependence on references to interfaces and next-hop IP
  addresses.  This document proposes a solution, called IIPtran, in
  which IPIP encapsulation separate from IPsec is used together with
  transport-mode IPsec.  IPIP tunnel encapsulation occurs as a separate
  initial step, based on a forwarding lookup of the VN packet.  After
  the forwarding lookup, IPsec transport mode processes the resulting
  (tunneled) IP packet with an SA determined through a security
  association database (SAD) match on the tunnel header.
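
The two-step processing order described in the summary, as an added Python sketch that is not part of the RFC or the IESG announcement. The addresses, the VN route table, the SAD contents and the SPI are constructed for illustration; encryption, the ICV and the IPv4 header checksum are omitted so that only the framing is visible.

```python
import ipaddress
import struct

IPPROTO_IPIP, IPPROTO_ESP = 4, 50  # IANA protocol numbers

def ipv4(src, dst, proto, payload):
    """Minimal 20-byte IPv4 header (checksum left at 0) followed by payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, ipaddress.ip_address(src).packed,
                      ipaddress.ip_address(dst).packed)
    return hdr + payload

# Constructed VN forwarding table: VN prefix -> (local, remote) tunnel endpoints.
VN_ROUTES = {"10.0.2.0/24": ("192.0.2.1", "198.51.100.7")}
# Constructed SAD, keyed on the tunnel header (src, dst, protocol) -> SPI.
SAD = {("192.0.2.1", "198.51.100.7", IPPROTO_IPIP): 0x1001}

def ipip_encapsulate(vn_packet):
    """Step 1: forwarding lookup on the VN destination, then IPIP encapsulation."""
    dst = ipaddress.ip_address(vn_packet[16:20])
    for prefix, (local, remote) in VN_ROUTES.items():
        if dst in ipaddress.ip_network(prefix):
            return ipv4(local, remote, IPPROTO_IPIP, vn_packet)
    raise LookupError(f"no VN route for {dst}")

def esp_transport(tunneled, seq=1):
    """Step 2: SAD match on the tunnel header, then transport-mode ESP framing."""
    src = str(ipaddress.ip_address(tunneled[12:16]))
    dst = str(ipaddress.ip_address(tunneled[16:20]))
    proto = tunneled[9]                      # 4: the payload is an IP packet
    spi = SAD[(src, dst, proto)]             # KeyError means no SA for this link
    body = tunneled[20:]                     # the untouched inner VN packet
    pad = -(len(body) + 2) % 4               # align trailer to 4 bytes
    trailer = bytes(range(1, pad + 1)) + bytes([pad, proto])
    esp = struct.pack("!II", spi, seq) + body + trailer  # no encryption or ICV
    return ipv4(src, dst, IPPROTO_ESP, esp)  # outer header now carries ESP

def iiptran(vn_packet):
    """Encapsulate first, then protect: the order the summary describes."""
    return esp_transport(ipip_encapsulate(vn_packet))
```

Because the ESP next-header field ends up as 4 and the outer header carries protocol 50, the framing matches what tunnel-mode ESP would emit, while the forwarding decision has already been made against the IPIP tunnel before IPsec sees the packet.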

Protocol Quality

  This document was reviewed by Russ Housley for the IESG.


  This document is not a candidate for any level of Internet
  Standard.  The IETF disclaims any knowledge of the fitness of this
  document for any purpose, and in particular notes that it has not
  had IETF review for such things as security, congestion control or
  inappropriate interaction with deployed protocols.  The RFC Editor
  has chosen to publish this document at its discretion.  Readers of
  this document should exercise caution in evaluating its value for
  implementation and deployment.