The MPLS WG Archive
draft-ietf-mpls-in-ip-or-gre-04.txt
Hi Eric,

On Mon, 26 Jan 2004, Eric Rosen wrote:

>
> Rahul> The updated text is specifying some of the procedures for encapsulating
> Rahul> MPLS in IPsec.
>
> I would say "for encapsulating MPLS-in-IP in IPsec and for encapsulating
> MPLS-in-GRE in IPsec".
>
> Rahul> This seems to be outside the scope of this draft,
>
> Security AD Steve Bellovin explicitly requested more details on how to use
> IPsec to secure the IP or GRE tunnel. So I don't think the IESG agrees with
> you that this is outside the scope of the document.
>

IESG indeed requested more details with respect to security considerations when IPsec is used and how to use IPsec to secure MPLS packets. I don't think that implies adding all the procedures to the security considerations of this draft. There seem to be two choices:

1. Reference a separate MPLS in IPsec ID, in draft-ietf-mpls-in-ip-or-gre-04.txt that contains detailed security considerations and procedures on how to encapsulate MPLS in IPsec. draft-raggarwa-mpls-ipsec-00.txt can be this ID. This has the advantage of not making too many changes to draft-ietf-mpls-in-ip-or-gre-04.txt that has gone through WG last call and still achieving what the IESG wants.

2. Add all the procedures to the security considerations of draft-ietf-mpls-in-ip-or-gre. The updated draft has taken this route and made significant changes. And the text is still not complete. Further details on security considerations as in section 1.1 of draft-raggarwa-mpls-ipsec, b) Tunnel mode applicability c) Procedures at egress PE are some examples.

Given the above, option (1) seems reasonable.

Thanks,
rahul