Using IPsec to Secure IPv6-in-IPv4 Tunnels draft-ietf-v6ops-ipsec-tunnels-03

Richard Graveman, Mohan Parthasarathy, Pekka Savola (editing), Hannes Tschofenig

IETF 67, 6 November 2006, San Diego



History

- Completed WG LC in August 2005
- Added brief discussion of AH
- Fixed BYPASS rule
- Received reviews from P. Eronen and F. Dupont
- Fixed PAD and other easy items
- Supporting IPsec tunnel mode turned out to be more complicated
- Recommended supporting just transport mode IPsec at last meeting
- Followed up on subsequent discussion and posted -03


Version -03 Changes

- Aligns SPD representation format with RFC 4301
- Describes IKEv2 Peer Authorization Database (PAD) entries
  - At least IPv4 addresses and shared keys should be supported
- Adds references to other documents describing using transport mode in a similar context (RFC3884, RFC3193, RFC4023)
- Moves tunnel mode discussion to appendix
  - Recommends transport mode
  - Keeps discussion of the tunnel mode issues
  - Notes that tunnel mode (when implemented without an interface) may be applicable in scenarios where the lack of multicast and link-local traffic is not an issue and, e.g., MOBIKE is needed
- Moves tunnel mode implementation approach discussion to appendix
  - Interface or not, SSPD/GSPD
- Also moves Dynamic Address Configuration, NAT traversal and Mobility, and Tunnel Endpoint Discovery to appendix
  - The first two are most applicable to tunnel mode, which is in appendix
  - The last requires manual configuration, so TEP discovery does not work well right now


Summary

- Authors believe all issues have been addressed
- Suggest one-week WG LC