Skip to main content

NGISec-NAT and QoS compatible End-to-End Secure Communication
draft-shukla-ipsec-nat-qos-compatible-security-00

Document Type Expired Internet-Draft (individual)
Expired & archived
Author Jayant Shukla
Last updated 2000-11-08
RFC stream (None)
Intended RFC status (None)
Formats
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:

Abstract

This document outlines a new approach, called NGISec, for end-to-end secure communication system that is compatible with other networking protocols. Such a solution is needed because IPSec is incompatible with network address translation (NAT), ICMP, and QoS protocols such as differentiated services, RSVP, RED, and ECN. Most of the proposed solutions to mitigate or remove the incompatibility problems of IPSec only address a small sub-section of the problems, and proposed solutions have severe drawbacks. By using our proposed approach, one can achieve end-to-end secure communication in LANs, VPNs, and network-to-network connections. This approach can be viewed as an alternative to IPSec that solves the severe problems faced by IPSec and paves the way for simultaneous use of security and QoS services. While it is aimed to be an alternative to IPSec, it re-uses critical components of the IPSec infrastructure such as the Internet key exchange (IKE). An interesting aspect of the proposed protocol is that it also allows the use of SSL/TLS to build VPNs.

Authors

Jayant Shukla

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)