Sun's SKIP Firewall Traversal for Mobile IP (RFC2356)

IP.com Disclosure Number: IPCOM000002926D
Original Publication Date: 1998-Jun-01
Included in the Prior Art Database: 2000-Sep-13
Document File: 20 page(s) / 49K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

G. Montenegro: AUTHOR [+2]

Abstract

The Mobile IP specification establishes the mechanisms that enable a mobile host to maintain and use the same IP address as it changes its point of attachment to the network. Mobility implies higher security risks than static operation, because the traffic may at times take unforeseen network paths with unknown or unpredictable security characteristics. The Mobile IP specification makes no provisions for securing data traffic. The mechanisms described in this document allow a mobile node out on a public sector of the internet to negotiate access past a SKIP firewall, and construct a secure channel into its home network.

This text was extracted from an ASCII document.
This is the abbreviated version, containing approximately 6% of the total text.

Network Working Group

Request for Comments: 2356

Category: Informational

G. Montenegro

V. Gupta

Sun Microsystems, Inc.

June 1998

Sun's SKIP Firewall Traversal for Mobile IP

Status of This Memo

This memo provides information for the Internet community. This memo does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (1998). All Rights Reserved.

Abstract

The Mobile IP specification establishes the mechanisms that enable a mobile host to maintain and use the same IP address as it changes its point of attachment to the network. Mobility implies higher security risks than static operation, because the traffic may at times take unforeseen network paths with unknown or unpredictable security characteristics. The Mobile IP specification makes no provisions for securing data traffic. The mechanisms described in this document allow a mobile node out on a public sector of the internet to negotiate access past a SKIP firewall, and construct a secure channel into its home network.

In addition to securing traffic, our mechanisms allow a mobile node to roam into regions that (1) impose ingress filtering, and (2) use a different address space.

Table of Contents

1. Introduction

2. Mobility without a Firewall

3. Restrictions imposed by a Firewall

4. Two Firewall Options: Application relay and IP Security

4.1 SOCKS version 5 [4]

4.2 SKIP [3]

5. Agents and Mobile Node Configurations

6. Supporting Mobile IP: Secure Channel Configurations

6.1 I: Encryption only Outside of Private Network

6.2 II: End-to-End Encryption

6.3 III: End-to-End Encryption, Intermediate Authentication

6.4 IV: Encryption Inside and Outside

6.5 Choosing a Secure Channel Configuration

7. Mobile IP Registration Procedure with a SKIP Firewall

7.1. Registration Request through the Firewall

7.1.1. On the Outside (Public) Network

7.1.2. On the Inside (Private) Network <...