I-D Action: draft-mglt-6lo-diet-esp-00.txt

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

A New Internet-Draft is available from the on-line Internet-Drafts directories.


        Title           : Diet-ESP: a flexible and compressed format for IPsec/ESP
        Authors         : Daniel Migault
                          Tobias Guggemos
	Filename        : draft-mglt-6lo-diet-esp-00.txt
	Pages           : 37
	Date            : 2015-01-08

Abstract:
   IPsec/ESP secure every single IP packets exchanged between two nodes.
   This makes security transparent to the applications, as opposed to
   TLS or DTLS for example.

   IPsec/ESP has not widely been used to secure application because
   IPsec is implemented in the kernel space, and IPsec/ESP security
   rules are defined on the device -- similarly to firewall.  In
   addition, IPsec/ESP introduces network overhead on an IP packet
   basis, as opposed as TLS/DTLS that introduces network overhead on an
   UDP or TCP segment basis.  This mostly impacts devices that do not
   perform IP fragmentation.

   Such drawbacks are not anymore valid for IoT, and the IPsec/ESP may
   even better fits IoT usage and security requirements.  IoT device are
   usually hardware dedicated for a given task or a given application
   which makes Kernel / user land split less significant.  IoT devices
   send data that is most likely expected to fit in a single IP packet.
   Eventually, configuring IPsec/ESP security rules provides the ability
   to enforce the security of the device, as security is not handled on
   a per-application basis.  Then the database structure of the IPsec/
   ESP security policies perfectly match sleeping nodes.

   This document defines Diet-ESP that adapts IPsec/ESP for IoT.  The
   goal of Diet-ESP is to reduce the size of the IPsec/ESP packet sent
   on the wire.  As a result Diet-ESP is expected to compress
   traditional IPsec/ESP packet without impacting the security provided
   by IPsec/ESP.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-mglt-6lo-diet-esp/

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-mglt-6lo-diet-esp-00


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

_______________________________________________
I-D-Announce mailing list
I-D-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
[Index of Archives]     [IETF]     [IETF Discussion]     [Linux Kernel]

  Powered by Linux