Authenticated Firewall Traversal with IPsec.
draft-richardson-ipsec-aft-00

Document Type Expired Internet-Draft (individual)
Last updated 1996-04-03
Stream (None)
Intended RFC status (None)
Formats
Expired & archived
pdf htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-richardson-ipsec-aft-00.txt

Abstract

A number of proposed protocols describe mechanisms whereby end to end authentication or privacy may be negotiated: most notable is the IPSEC working group where these issues are dealt with in a general way. Some relating working groups make use of the IPSEC (and related IPv6 facilities) facilities to provide authentication services (mobileip), while other groups (notably SNMPv2, RSVP, OSPF, BGP, AFT and CAT) provide their own facilities. This documents describes some of the common considerations for all of these protocols when there exists security gateway(s) (aka 'firewalls') between the end nodes that are negotiating security. This document does not enter into the debate about node security versus network security. It is assumed that the need for firewall like facilities will continue to exist for sometime. Whether or not IPSEC and/or IPv6 security services make firewalls obsolete or more common will remain a heated question for sometime.

Authors

Michael Richardson (mcr@sandelman.ottawa.on.ca)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)