On Wed, Jan 19, 2022 at 04:53:20PM +0000, Templin (US), Fred L wrote:
>
> > -----Original Message-----
> > From: rtgwg [mailto:[email protected]] On Behalf Of Russ Housley via
> > Datatracker
> > Sent: Tuesday, January 18, 2022 2:22 PM
> > To: [email protected]
> > Cc: [email protected]; [email protected]
> > Subject: Secdir early review of draft-ietf-rtgwg-atn-bgp-12
> > [...]
> > Section 5 says: "...tunnels packets directly between Proxys ...".
> > Are these IPsec tunnels? I am trying to fully understand when the
> > tunnels require IPsec (or some other security protocol) and when they
> > do not.
>
> This is a good point. We want to establish an environment where security
> tunneling is used to protect only control messages and BGP protocol
> messages while unsecured tunneling is used to convey data plane packets
> when higher-layer security is used end-to-end. Again, more words may
> help clarify.

Without looking too hard at the specifics of this draft's situation, as a
general statement, knowing that higher-layer security is used end-to-end
is hard to 100% reliably determine, and the cost of getting it wrong can
be very high. As a general design pattern, having multiple layers of
crypto that aim to protect different aspects of the traffic is perfectly
fine, and in some cases actually required in order to get the needed
properties. If the only tunnel available is a secure tunnel, then you
don't have to worry about getting the decision wrong.

Looking at the specific scenario in §5, it is not a direct analogue of the
scenario I describe, but I would caution against being too eager to
discard the certainty of always having a secure tunnel.

-Ben

_______________________________________________
rtgwg mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/rtgwg
