Labeled IPsec Traffic Selector support for IKEv2

The information below is for an old version of the document
Document Type Expired Internet-Draft (ipsecme WG)
Authors Paul Wouters  , Sahana Prasad 
Last updated 2021-05-03 (latest revision 2020-10-30)
Stream Internet Engineering Task Force (IETF)
Expired & archived
pdf htmlized bibtex
Additional Resources
- Mailing list discussion
Stream WG state WG Document (wg milestone: Aug 2020 - The security labels ... )
Document shepherd Tero Kivinen
IESG IESG state Expired
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to Tero Kivinen <>

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This document defines a new Traffic Selector (TS) Type for Internet Key Exchange version 2 to add support for negotiating Mandatory Access Control (MAC) security labels as a traffic selector of the Security Policy Database (SPD). Security Labels for IPsec are also known as "Labeled IPsec". The new TS type is TS_SECLABEL, which consists of a variable length opaque field specifying the security label. This document updates the IKEv2 TS negotiation specified in RFC 7296 Section 2.9.


Paul Wouters (
Sahana Prasad (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)