Search RFCs
RFC 5660
IPsec Channels: Connection Latching,October 2009
Cite this RFC:TXT | XML | BibTeX
DOI: https://doi.org/10.17487/RFC5660
Discuss this RFC: Send questions or comments to the mailing listbtns@ietf.org
Other actions:View Errata | Submit Errata | Find IPR Disclosures from the IETF | View History of RFC 5660
Abstract
This document specifies, abstractly, how to interface applicationsand transport protocols with IPsec so as to create "channels" bylatching "connections" (packet flows) to certain IPsec SecurityAssociation (SA) parameters for the lifetime of the connections.Connection latching is layered on top of IPsec and does not modifythe underlying IPsec architecture.
Connection latching can be used to protect applications againstaccidentally exposing live packet flows to unintended peers, whetheras the result of a reconfiguration of IPsec or as the result of usingweak peer identity to peer address associations. Weak association ofpeer ID and peer addresses is at the core of Better Than NothingSecurity (BTNS); thus, connection latching can add a significantmeasure of protection to BTNS IPsec nodes.
Finally, the availability of IPsec channels will make it possible touse channel binding to IPsec channels. [STANDARDS-TRACK]
For the definition ofStatus,seeRFC 2026.
For the definition ofStream, seeRFC 8729.