Hi,

We (Amjad and I) have published a new version of the "Data over IKEv2 for application security" draft based on inputs/comments received. Please review and provide comments/inputs/questions.

Kind Regards,
Raj

-----Original Message-----
From: [email protected] [mailto:[email protected]]
Sent: Wednesday, March 12, 2014 5:13 PM
To: Amjad Inamdar (amjads); Rajeshwar Singh Jenwar (rsj); Rajeshwar Singh Jenwar (rsj); Amjad Inamdar (amjads)
Subject: New Version Notification for draft-amjads-ipsecme-ikev2-data-channel-01.txt

A new version of I-D, draft-amjads-ipsecme-ikev2-data-channel-01.txt has been successfully submitted by Amjad S. Inamdar and posted to the IETF repository.

Name: draft-amjads-ipsecme-ikev2-data-channel
Revision: 01
Title: IKEv2 based lightweight secure data communication draft-amjads-ipsecme-ikev2-data-channel-01 (D-IKE)
Document date: 2014-03-12
Group: Individual Submission
Pages: 15
URL: http://www.ietf.org/internet-drafts/draft-amjads-ipsecme-ikev2-data-channel-01.txt
Status: https://datatracker.ietf.org/doc/draft-amjads-ipsecme-ikev2-data-channel/
Htmlized: http://tools.ietf.org/html/draft-amjads-ipsecme-ikev2-data-channel-01
Diff: http://www.ietf.org/rfcdiff?url2=draft-amjads-ipsecme-ikev2-data-channel-01

Abstract:
The Internet Key Exchange (IKEv2) protocol provides authentication, confidentiality, integrity, data-origin authentication and anti-replay. Currently, IKEv2 is mainly used as a control channel to negotiate IPsec SA(s). IPsec is not well suited to provide transport layer security for applications as it resides at the network layer and most of the IPsec implementations require integration into operating systems making it difficult to deploy. IPsec uses different sessions for control and data traffic which is not NAT and load balancer friendly. TLS/DTLS, the other popular security mechanism to provide the above security services does not mandate mutual peer authentication and Diffie Hellman exchange. This document describes an IKEv2 based lightweight secure data communication protocol and a way to provide transport layer security for UDP client/server applications. The protocol provides integrity protected encryption and integrity-only protection based on application needs. As most of the IoT applications are UDP based, IKEv2 can be used for key management as well as secure data communication in IoT due to its simplicity, scalability, lightweightedness and ease of deployment.

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat
