IKE extensions to support Dynamic Policies

Document Type Expired Internet-Draft (individual in sec area)
Last updated 2015-10-14 (latest revision 2001-01-25)
Stream IETF
Intended RFC status (None)
Expired & archived
plain text pdf html bibtex
Stream WG state (None)
Document shepherd No shepherd assigned
IESG IESG state Expired (IESG: Dead)
Consensus Boilerplate Unknown
Telechat date
Responsible AD Steven Bellovin
IESG note Under WG Review
Responsible: bellovin
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


As IPsec is widely deployed, there is increasing need to negotiate security keys using IKE at application level granularity. IKE, as currently proposed, has restrictions in negotiating keys for applications with bundled sessions and complex policies. The draft identifies the problem with IKE and suggests extensions to make IKE application and policy friendly. The proposed solution suggests extensions to the conceptual operation of IPsec as well as IKE, but does not require changes to existing IKE payloads. The document introduces a new policy payload that complements existing IKE payloads and suggests replacing ID payload with the Policy payload, in Quick mode.


Pyda Srisuresh (srisuresh@yahoo.com)
Vilhuber J (vilhuber@cisco.com)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)