IKE extensions to support Dynamic Policies
draft-srisuresh-ike-policy-extensions-00
Document | Type |
Expired Internet-Draft
(individual in sec area)
Expired & archived
|
|
---|---|---|---|
Authors | Pyda Srisuresh , J Vilhuber | ||
Last updated | 2015-10-14 (Latest revision 2001-01-25) | ||
RFC stream | Internet Engineering Task Force (IETF) | ||
Intended RFC status | (None) | ||
Formats | |||
Stream | WG state | (None) | |
Document shepherd | (None) | ||
IESG | IESG state | Expired (IESG: Dead) | |
Action Holders |
(None)
|
||
Consensus boilerplate | Unknown | ||
Telechat date | (None) | ||
Responsible AD | Steven M. Bellovin | ||
IESG note | |||
Send notices to | (None) |
This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
As IPsec is widely deployed, there is increasing need to negotiate security keys using IKE at application level granularity. IKE, as currently proposed, has restrictions in negotiating keys for applications with bundled sessions and complex policies. The draft identifies the problem with IKE and suggests extensions to make IKE application and policy friendly. The proposed solution suggests extensions to the conceptual operation of IPsec as well as IKE, but does not require changes to existing IKE payloads. The document introduces a new policy payload that complements existing IKE payloads and suggests replacing ID payload with the Policy payload, in Quick mode.
Authors
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)