ID regarding interactions of IPSec encryption devices and mobile-ip (and other protocols)
During my work with mobile-ipv4 mobile router code and deployment in
operational networks, we have run across a number of problems that had to
be resolved. Also, during my last trip to IETF (San Francisco), there was
much talk in mobile-ip, NEMO and IPSec on the need for these groups to
understand each other's issues and workings as securing mobile users and
networks is ..... challenging (nasty).

I wrote this draft in hopes of highlighting some of the issues and
hopefully preventing others from banging their head against the walls
trying to figure out why things don't work. Also, the NSA is currently
working on a specification similar to IPSec and needs to understand some of
these issues if they want to use such devices in mobile environments.

Any suggestions on improving this document would be greatly appreciated.
http://www.ietf.org/internet-drafts/draft-ivancic-layer3-encryptors-00.txt
Abstract
This document describes some issues related to performing encryption at
layer-3. In particular, routing protocol problems may result if the
time-to-live (TTL) field in IPv4 or the Hop Limit field in IPv6 is
decremented once before encapsulation [1][2]. Also, special provisions may
be necessary within the encryptor devices if broadcast messages are to
transition the encryptor pairs. Maximum Transmission Unit (MTU) issues are
also presented.
Will Ivancic