Best regards,
Yangfei Guo.
============================
From: Michael Richardson
Date: 2022-09-19 22:17
To: Paul Wouters; ipsec
CC: guoyang...@zgclab.edu.cn
Subject: Re: [IPsec] FW: New Version Notification for draft-xu-erisav-00.txt
and draft-xu-risav-00
Paul Wouters wrote:
> I am a bit confused why the source address needs to be cryptographically
> verified to make SAV based decisions. What would be the scenarios of
> inter AS communication where the packet is maliciously modified between
> the two ASes but in such a way that
On Fri, 16 Sep 2022, guoyang...@zgclab.edu.cn wrote:
Source Address Validation (SAV) is a problem that can be partially solved by
using IPsec or other approaches. However, IPsec AH needs to hash the whole
changeless fileds of the length-vairable packet and IPsec ESP needs to encrypt
the whole
guoyang...@zgclab.edu.cn wrote:
> The drafts' link are
> 1. https://datatracker.ietf.org/doc/draft-xu-erisav/
} IPsec IKE negotiates the tag tagged in the packet. IKE also negotiates the
} authentication algorithm, authentication key, and others specified by
} SA. These will be stored
guoyang...@zgclab.edu.cn wrote:
> IPsec is an important protocol family of the Internet. And we think it
> may be more powerful just by adding a few changes to it.
> Source Address Validation (SAV) is a problem that can be partially
> solved by using IPsec or other approaches.
Dear all,
IPsec is an important protocol family of the Internet. And we think it may be
more powerful just by adding a few changes to it.
Source Address Validation (SAV) is a problem that can be partially solved by
using IPsec or other approaches. However, IPsec AH needs to hash the whole
