Use of IPsec Transport Mode for Dynamic Routing
Draft of message to be sent after approval:
From: The IESG <firstname.lastname@example.org> To: RFC Editor <email@example.com> Cc: The IESG <firstname.lastname@example.org>, <email@example.com>, firstname.lastname@example.org Subject: Re: Informational RFC to be: draft-touch-ipsec-vpn-08.txt The IESG has no problem with the publication of 'Use of IPsec Transport Mode for Dynamic Routing' <draft-touch-ipsec-vpn-08.txt> as an Informational RFC. The IESG would also like the IRSG or RFC-Editor to review the comments in the datatracker (https://datatracker.ietf.org/public/pidtracker.cgi?command=view_id&dTag=5273&rfc_flag=0) related to this document and determine whether or not they merit incorporation into the document. Comments may exist in both the ballot and the comment log. The IESG contact person is Russ Housley. A URL of this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-touch-ipsec-vpn-08.txt The process for such documents is described at http://www.rfc-editor.org/indsubs.html. Thank you, The IESG Secretary
Technical Summary IPsec can be used to secure the links of a virtual private network (VPN). Virtual links established by IPsec tunnel mode conflict with routing and forwarding inside the virtual network, due to the IP routing dependence on references to interfaces and next-hop IP addresses. This document proposes a solution, called IIPtran, in which IPIP encapsulation separate from IPsec is used together with transport-mode IPsec. IPIP tunnel encapsulation occurs as a separate initial step, based on a forwarding lookup of the VN packet. After the forwarding lookup, IPsec transport mode processes the resulting (tunneled) IP packet with an SA determined through a security association database (SAD) match on the tunnel header. Protocol Quality This document was reviewed by Russ Housley for the IESG. IESG Note This document is not a candidate for any level of Internet Standard. The IETF disclaims any knowledge of the fitness of this document for any purpose, and in particular notes that it has not had IETF review for such things as security, congestion control or inappropriate interaction with deployed protocols. The RFC Editor has chosen to publish this document at its discretion. Readers of this document should exercise caution in evaluating its value for implementation and deployment.