"IPsec Channels: Connection Latching", Nicolas Williams, 9-Apr-09. ( bytes)

This document specifies, abstractly, how to interface applications and transport protocols with IPsec so as to create "channels" by latching "connections" (packet flows) to certain IPsec Security Association (SA) parameters for the lifetime of the connections. Connection latching is layered on top of IPsec and does not modify the underlying IPsec architecture. Connection latching can be used to protect applications against accidentally exposing live packet flows to unintended peers, whether as the result of a reconfiguration of IPsec or as the result of using weak peer identity to peer address associations. Weak association of peer ID and peer addresses is at the core of Better Than Nothing Security (BTNS), thus connection latching can add a significant measure of protection to BTNS IPsec nodes. Finally, the availability of IPsec channels will make it possible to use channel binding to IPsec channels.

"C-Bindings for IPsec Application Programming Interfaces", Michael Richardson, Nicolas Williams, Miika Komu, Sasu Tarkoma, 24-Mar-09. ( bytes)

IPsec based security is usually transparent for applications and they have no standard APIs for gathering information on connection security properties. This document specifies an API that increases the visibility of IPsec to applications. The API allows applications to allow BTNS extensions, control the channel bindings, and control also other security properties related to IPsec. This document presents C-bindings to the abstract BTNS API.

"IPsec End-Point Channel Bindings and API", Nicolas Williams, 9-Apr-09. ( bytes)

This document defines channel bindings for IPsec and describes an abstract API and a BSD sockets API extension for obtaining channel bindings of "connection latches".

Return to Internet-Draft directory.

Return to IETF home page.