Some initial questions/comments: 1. security label is defined as opaque data in the draft, but then how would narrowing work in an inter-op way with opaque data? Or should we define the format for some common use cases (like security enforcement, QoS ...) , and adding a sub-type in TS_SECLABEL 2. currently there are TSi (44) and TSr (45) payload, does it make sense to include TS_SECLABEL in either TSi or TSr? Is there semantic to have separate "initiator SECLABEL" and "responder SECLABEL"? Or does it make more sense to only allow single TS_SECLABEL per message/CHILD_SA, and create a new TS payload type , put TS_SECLABEL in it ?
> -----Original Message----- > From: IPsec [mailto:ipsec-boun...@ietf.org] On Behalf Of Paul Wouters > Sent: Monday, March 05, 2018 7:36 AM > To: email@example.com WG <firstname.lastname@example.org> > Cc: Sahana Prasad <sahana.prasa...@gmail.com> > Subject: [IPsec] Fwd: New Version Notification for draft-sprasad-ipsecme- > labeled-ipsec-00.txt (fwd) > > > > Sahana and I wrote the initial draft for Labeled IPsec. I'm not sure why it > didn't > auto-email the list, so links follow below. Please discuss :) > > Paul > > A new version of I-D, draft-sprasad-ipsecme-labeled-ipsec-00.txt > has been successfully submitted by Sahana Prasad and posted to the IETF > repository. > > Name: draft-sprasad-ipsecme-labeled-ipsec > Revision: 00 > Title: Labeled IPsec Traffic Selector support for IKEv2 > Document date: 2018-03-04 > Group: Individual Submission > Pages: 6 > URL: https://www.ietf.org/internet-drafts/draft-sprasad-ipsecme- > labeled-ipsec-00.txt > Status: > https://datatracker.ietf.org/doc/draft-sprasad-ipsecme-labeled- > ipsec/ > Htmlized: https://tools.ietf.org/html/draft-sprasad-ipsecme-labeled- > ipsec-00 > Htmlized: https://datatracker.ietf.org/doc/html/draft-sprasad-ipsecme- > labeled-ipsec-00 > > > Abstract: > Some IPsec implementations support Security Labels otherwise known as > Security Contexts, to be configured as a selector within the Security > Policy Database (SPD) for IPsec SAs. This document adds support to > IKEv2 to negotiate these Security Labels or Contexts using a new > Traffic Selector (TS) Type TS_SECLABEL. The approach is named > "Labeled IPsec". It assumes that the SPD processing of RFC 4303 is > already extended to support Security Labels. This document only adds > the ability for IKE to negotiate the Security Labels used with the > SPD. > > > > Please note that it may take a couple of minutes from the time of submission > until the htmlized version and diff are available at tools.ietf.org. > > The IETF Secretariat > > _______________________________________________ > IPsec mailing list > IPsec@ietf.org > https://www.ietf.org/mailman/listinfo/ipsec _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec