Authenticated Firewall Traversal with IPsec.
draft-richardson-ipsec-aft-00
| Document | Type |
Expired Internet-Draft
(individual)
Expired & archived
|
|
|---|---|---|---|
| Author | Michael Richardson | ||
| Last updated | 1996-04-03 | ||
| RFC stream | (None) | ||
| Intended RFC status | (None) | ||
| Formats | |||
| Stream | Stream state | (No stream defined) | |
| Consensus boilerplate | Unknown | ||
| RFC Editor Note | (None) | ||
| IESG | IESG state | Expired | |
| Telechat date | (None) | ||
| Responsible AD | (None) | ||
| Send notices to | (None) |
This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
A number of proposed protocols describe mechanisms whereby end to end authentication or privacy may be negotiated: most notable is the IPSEC working group where these issues are dealt with in a general way. Some relating working groups make use of the IPSEC (and related IPv6 facilities) facilities to provide authentication services (mobileip), while other groups (notably SNMPv2, RSVP, OSPF, BGP, AFT and CAT) provide their own facilities. This documents describes some of the common considerations for all of these protocols when there exists security gateway(s) (aka 'firewalls') between the end nodes that are negotiating security. This document does not enter into the debate about node security versus network security. It is assumed that the need for firewall like facilities will continue to exist for sometime. Whether or not IPSEC and/or IPv6 security services make firewalls obsolete or more common will remain a heated question for sometime.
Authors
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)