NGISec-NAT and QoS compatible End-to-End Secure Communication
draft-shukla-ipsec-nat-qos-compatible-security-00
Document | Type |
Expired Internet-Draft
(individual)
Expired & archived
|
|
---|---|---|---|
Author | Jayant Shukla | ||
Last updated | 2000-11-08 | ||
RFC stream | (None) | ||
Intended RFC status | (None) | ||
Formats | |||
Stream | Stream state | (No stream defined) | |
Consensus boilerplate | Unknown | ||
RFC Editor Note | (None) | ||
IESG | IESG state | Expired | |
Telechat date | (None) | ||
Responsible AD | (None) | ||
Send notices to | (None) |
This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
This document outlines a new approach, called NGISec, for end-to-end secure communication system that is compatible with other networking protocols. Such a solution is needed because IPSec is incompatible with network address translation (NAT), ICMP, and QoS protocols such as differentiated services, RSVP, RED, and ECN. Most of the proposed solutions to mitigate or remove the incompatibility problems of IPSec only address a small sub-section of the problems, and proposed solutions have severe drawbacks. By using our proposed approach, one can achieve end-to-end secure communication in LANs, VPNs, and network-to-network connections. This approach can be viewed as an alternative to IPSec that solves the severe problems faced by IPSec and paves the way for simultaneous use of security and QoS services. While it is aimed to be an alternative to IPSec, it re-uses critical components of the IPSec infrastructure such as the Internet key exchange (IKE). An interesting aspect of the proposed protocol is that it also allows the use of SSL/TLS to build VPNs.
Authors
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)