14.1. Introduction

At the time of this writing (early 2005), the IPsec Working Group is developing specifications for new versions of AH, ESP, and IKE. Although these specifications are still in the Internet Draft stage, they are nearing completion and will soon become RFCs. We can expect that the final versions of these protocols will be essentially as described in this chapter. Because the specifications are not yet in final form, and because it will likely take some time for implementations to appear and be deployed, we do not describe them in the same detail as we have the current versions. Rather, we discuss how they differ from today's versions and what additional problems they solve. For reference, our discussion is based on the following drafts:
We also discuss NAT Traversal (NAT-T), a method of easing the interoperability problems between NAT and IPsec. The NAT-T specifications, RFC 3947 [Kivinen, Swander, Huttunen, and Volpe 2005] and RFC 3948 [Huttunen, Swander et al. 2005], were released in January 2005, so implementations should start appearing soon. We discuss NAT-T in detail and see how it can overcome most of the problems that IPsec has when running in an environment that includes NAT.