Browse Prior Art Database

RSIP Support for End-to-end IPsec (RFC3104)

IP.com Disclosure Number: IPCOM000005855D
Original Publication Date: 2001-Oct-01
Included in the Prior Art Database: 2001-Nov-13
Document File: 20 page(s) / 39K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

G. Montenegro: AUTHOR [+2]

Abstract

This document proposes mechanisms that enable Realm Specific IP (RSIP) to handle end-to-end IPsec (IP Security).

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 9% of the total text.

Network Working Group                                      G. Montenegro

Request for Comments: 3104                        Sun Microsystems, Inc.

Category: Experimental                                        M. Borella

                                                               CommWorks

                                                            October 2001

                   RSIP Support for End-to-end IPsec

Status of this Memo

   This memo defines an Experimental Protocol for the Internet

   community.  It does not specify an Internet standard of any kind.

   Discussion and suggestions for improvement are requested.

   Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2001).  All Rights Reserved.

IESG Note

   The IESG notes that the set of documents describing the RSIP

   technology imply significant host and gateway changes for a complete

   implementation.  In addition, the floating of port numbers can cause

   problems for some applications, preventing an RSIP-enabled host from

   interoperating transparently with existing applications in some cases

   (e.g., IPsec).  Finally, there may be significant operational

   complexities associated with using RSIP.  Some of these and other

   complications are outlined in section 6 of the RFC 3102, as well as

   in the Appendices of RFC 3104.  Accordingly, the costs and benefits

   of using RSIP should be carefully weighed against other means of

   relieving address shortage.

Abstract

   This document proposes mechanisms that enable Realm Specific IP

   (RSIP) to handle end-to-end IPsec (IP Security).

Montenegro & Borella          Experimental                      [Page 1]

RFC 3104           RSIP Support for End-to-end IPsec        October 2001

Table of Contents

   1. Introduction ..................................................  2

   2. Model .........................................................  2

   3. Implementation Notes ..........................................  3

   4. IKE Handling and Demultiplexing ...............................  4

   5. IPsec Handling and Demultiplexing .............................  5

   6. RSIP Protocol Extensions ......................................  6

      6.1 IKE Support in RSIP .......................................  6

      6.2 IPsec Support in RSIP .....................................  7

   7. IANA Considerations ........................................... 10

   8. Security Considerations ....................................... 10

   9. Acknowledgements .............................................. 10

   References ....................................................... 11

   Authors' Addresses ............................................... 12

   Appendix A: On Optional Port Allocation to RSIP Clients .......... 13

   Appendix B: RSIP Error Numbers for IKE and IPsec Support ......... 14

   Appendix C: Message Type Values for IPsec Support ................ 14

   Appendix D: A Note on Flow Policy Enforcement .................... 14

   Appendix E: Remote Host Rekeying ................................. 14

   Appendix F: Example Application Scenarios ........................ 15

   Appendix G: Thoughts on Supporting Incoming Connections .......... 17

   Full Copyright Statement ......................................... 19

1. Introduction

   This document specifies RSIP extensions to enable end-to-end IPsec.

   It assumes the...