RFC 5660

IPsec Channels: Connection Latching, October 2009

Canonical URL:
https://www.rfc-editor.org/rfc/rfc5660.txt
File formats:
Plain TextPDF
Status:
PROPOSED STANDARD
Author:
N. Williams
Stream:
IETF
Source:
btns (sec)

Cite this RFC: TXT  |  XML

DOI:  10.17487/RFC5660

Discuss this RFC: Send questions or comments to btns@ietf.org

Other actions: View Errata  |  Submit Errata  |  Find IPR Disclosures from the IETF


Abstract

This document specifies, abstractly, how to interface applications and transport protocols with IPsec so as to create "channels" by latching "connections" (packet flows) to certain IPsec Security Association (SA) parameters for the lifetime of the connections. Connection latching is layered on top of IPsec and does not modify the underlying IPsec architecture. Connection latching can be used to protect applications against accidentally exposing live packet flows to unintended peers, whether as the result of a reconfiguration of IPsec or as the result of using weak peer identity to peer address associations. Weak association of peer ID and peer addresses is at the core of Better Than Nothing Security (BTNS); thus, connection latching can add a significant measure of protection to BTNS IPsec nodes. Finally, the availability of IPsec channels will make it possible to use channel binding to IPsec channels. [STANDARDS-TRACK]


For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 4844.


Download PDF Reader



Search RFCs
Advanced Search
×