A New Internet-Draft is available from the on-line Internet-Drafts directories.
Title : PBS NSLP: Network Traffic Authorization
Author(s) : S. Hong, H. Schulzrinne
Filename : draft-hong-nsis-pbs-nslp-03.txt
Pages : 27
Date : 2010-01-12
This document describes the NSIS Signaling Layer protocol (NSLP) for
network traffic authorization on the Internet, the Permission-Based
Sending (PBS) NSLP. This NSLP aims to prevent Denial-of-Service
(DoS) attacks and other forms of unauthorized traffic. PBS NSLP is
based on the proactive approach of explicitly granting permissions
and the reactive approach of monitoring and reacting against the
attacks. Signaling installs and maintains the permission state of
routers for a data flow. PBS NSLP uses two security mechanisms:
message security in an end-to-end fashion and channel security in a
hop-by-hop fashion. The message security is for protecting the
integrity of the message on end-to-end traffic and channel security
is for protecting the integrity and confidentiality between adjacent
nodes. These security mechanisms enable the secure distribution of
shared keys, as well as protection of signaling messages. To
authenticate data packets, the PBS NSLP requests a sender to use an
existing security protocol, the IPsec Authentication Header (AH).
This allows routers to drop bogus packets by using an IP packet
filter. To avoid a compromised router that drops legitimate packets,
the PBS NSLP triggers the sender to change the data flow path.
Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on July 16, 2010.
Copyright Notice
Copyright (c) 2010 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the BSD License.
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-hong-nsis-pbs-nslp-03.txt
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
- <ftp://ftp.ietf.org/internet-drafts/draft-hong-nsis-pbs-nslp-03.txt>
-
_______________________________________________
I-D-Announce mailing list
I-D-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt