PBS NSLP: Network Traffic Authorization
draft-hong-nsis-pbs-nslp-04
| Document | Type | Expired Internet-Draft (individual) |
|---|---|---|
| | Authors | Se Gi Hong, Henning Schulzrinne |
| | Last updated | 2014-04-17 (Latest revision 2013-10-14) |
| | Stream | (None) |
| | Intended RFC status | (None) |
| | Formats | Expired & archived: plain text, htmlized, pdfized, bibtex |
| Stream | Stream state | (No stream defined) |
| | Consensus boilerplate | Unknown |
| | RFC Editor Note | (None) |
| IESG | IESG state | Expired |
| | Telechat date | (None) |
| | Responsible AD | (None) |
| | Send notices to | (None) |

https://www.ietf.org/archive/id/draft-hong-nsis-pbs-nslp-04.txt
Abstract
This document describes the NSIS Signaling Layer protocol (NSLP) for network traffic authorization on the Internet, the Permission-Based Sending (PBS) NSLP. This NSLP aims to prevent Denial-of-Service (DoS) attacks and other forms of unauthorized traffic. PBS NSLP is based on a hybrid approach: a proactive approach of explicitly granting permissions and a reactive approach of monitoring and countering attacks. Signaling installs and maintains the permission state of routers for a data flow. A monitoring mechanism provides a second line of defense against attacks. PBS NSLP uses two security mechanisms: message security for protecting the integrity of the message on end-to-end traffic and channel security for protecting the integrity and confidentiality between adjacent nodes. To authenticate data packets, the PBS NSLP requests a sender to use an existing security protocol, the IPsec Authentication Header (AH).
Authors
Se Gi Hong
Henning Schulzrinne
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)