[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
New Internet Draft - MIKE
Greetings,
[Due to submission deadline I can only make my new Draft available this way for now - submission to internet-drafts registry follows]
Abstract
This document describes a protocol which allows to authenticate
systems and establish Security Associations in networks with
different domains of security. The protocol is not only end-to-end,
but it involves all participating systems in a single exchange.
Further it allows security gateways to derive sub-policies for
crossing (encrypted) IPSec-traffic from "conventional" packet
filtering rules in a trusted manner.
The draft does not only specify a protocol, but it also describes the requirements in complex network environments for a surrounding security policy management.
Feel free to get a copy from
http://www.imib.med.tu-dresden.de/imib/Internet/ike/draft-martius-ipsec-mike-00.txt
(if you have problems reaching this site, I'll send you a copy directly)
The draft comes (late ;-) after a presentation in Minneapolis at the IPSec Policy BoF
http://www.ietf.org/proceedings/99mar/44th-99mar-ietf-118.html
Kai
------------------------------------------------------------------
Kai Martius
secunet Security Networks AG, Dresden
(previous) homepage, IPSec-related stuff and PGP keys under:
http://www.imib.med.tu-dresden.de/imib/personal/kai.html