IKE extensions to support Dynamic Policies
draft-srisuresh-ike-policy-extensions-00
| Section | Field | Value |
|---|---|---|
| Document | Type | Expired Internet-Draft (individual in sec area) |
| | Authors | Pyda Srisuresh, J Vilhuber |
| | Last updated | 2015-10-14 (Latest revision 2001-01-25) |
| | Stream | Internet Engineering Task Force (IETF) |
| | Intended RFC status | (None) |
| | Formats | Expired & archived |
| Stream | WG state | (None) |
| | Document shepherd | (None) |
| IESG | IESG state | Expired (IESG: Dead) |
| | Action Holders | (None) |
| | Consensus boilerplate | Unknown |
| | Telechat date | (None) |
| | Responsible AD | Steven M. Bellovin |
| | IESG note | Under WG Review Responsible: bellovin |
| | Send notices to | (None) |

https://www.ietf.org/archive/id/draft-srisuresh-ike-policy-extensions-00.txt
Abstract
As IPsec is widely deployed, there is an increasing need to negotiate security keys using IKE at application-level granularity. IKE, as currently proposed, has restrictions in negotiating keys for applications with bundled sessions and complex policies. The draft identifies the problem with IKE and suggests extensions to make IKE application and policy friendly. The proposed solution suggests extensions to the conceptual operation of IPsec as well as IKE, but does not require changes to existing IKE payloads. The document introduces a new Policy payload that complements existing IKE payloads and suggests replacing the ID payload with the Policy payload in Quick mode.
Authors
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)