Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Download
Standard view
Full view
of .
Look up keyword or section
Like this
2Activity

Table Of Contents

1.2 Audience
1.3 Related Documents
2. Design Objectives
2.1 Goals/Objectives/Requirements/Problem Description
2.2 Caveats and Assumptions
3. System Overview
3.1 What IPsec Does
3.2 How IPsec Works
4.1 Definition and Scope
4.2 Security Association Functionality
4.3 Combining Security Associations
4.4 Security Association Databases
4.4.1 The Security Policy Database (SPD)
4.4.2 Selectors
4.4.3 Security Association Database (SAD)
4.5 Basic Combinations of Security Associations
4.6 SA and Key Management
4.6.1 Manual Techniques
4.6.2 Automated SA and Key Management
4.6.3 Locating a Security Gateway
4.7 Security Associations and Multicast
5. IP Traffic Processing
5.1 Outbound IP Traffic Processing
5.1.1 Selecting and Using an SA or SA Bundle
5.1.2 Header Construction for Tunnel Mode
5.1.2.1 IPv4 -- Header Construction for Tunnel Mode
5.1.2.2 IPv6 -- Header Construction for Tunnel Mode
5.2 Processing Inbound IP Traffic
5.2.1 Selecting and Using an SA or SA Bundle
5.2.2 Handling of AH and ESP tunnels
6. ICMP Processing (relevant to IPsec)
6.1 PMTU/DF Processing
6.1.1 DF Bit
6.1.2 Path MTU Discovery (PMTU)
6.1.2.1 Propagation of PMTU
6.1.2.2 Calculation of PMTU
6.1.2.3 Granularity of PMTU Processing
6.1.2.4 PMTU Aging
7. Auditing
8. Use in Systems Supporting Information Flow Security
8.1 Relationship Between Security Associations and Data Sensitivity
8.2 Sensitivity Consistency Checking
8.3 Additional MLS Attributes for Security Association Databases
8.4 Additional Inbound Processing Steps for MLS Networking
8.5 Additional Outbound Processing Steps for MLS Networking
8.6 Additional MLS Processing for Security Gateways
9. Performance Issues
10. Conformance Requirements
11. Security Considerations
12. Differences from RFC 1825
Acknowledgements
Appendix A -- Glossary
Appendix B -- Analysis/Discussion of PMTU/DF/Fragmentation Issues
B.1 DF bit
B.2 Fragmentation
B.3 Path MTU Discovery
B.3.1 Identifying the Originating Host(s)
B.3.2 Calculation of PMTU
B.3.3 Granularity of Maintaining PMTU Data
B.3.4 Per Socket Maintenance of PMTU Data
B.3.5 Delivery of PMTU Data to the Transport Layer
B.3.6 Aging of PMTU Data
Appendix C -- Sequence Space Window Code Example
Appendix D -- Categorization of ICMP messages
References
Disclaimer
Author Information
0 of .
Results for:
No results containing your search query
P. 1
rfc2401

rfc2401

Ratings: (0)|Views: 254 |Likes:
Published by Yogesh Bansal

More info:

Published by: Yogesh Bansal on May 22, 2011
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less

05/22/2011

pdf

text

original

You're Reading a Free Preview
Pages 4 to 6 are not shown in this preview.
You're Reading a Free Preview
Pages 10 to 67 are not shown in this preview.

Activity (2)

You've already reviewed this. Edit your review.
1 thousand reads
1 hundred reads

You're Reading a Free Preview

Download
scribd
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->