Sun's SKIP Firewall Traversal for Mobile IP
Network Working Group                                      G. Montenegro
Request for Comments: 2356                                      V. Gupta
Category: Informational                           Sun Microsystems, Inc.
                                                               June 1998

Status of This Memo

This memo provides information for the Internet community. This memo
does not specify an Internet standard of any kind. Distribution of
this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (1998). All Rights Reserved.

Abstract

The Mobile IP specification establishes the mechanisms that enable a
mobile host to maintain and use the same IP address as it changes its
point of attachment to the network. Mobility implies higher security
risks than static operation, because the traffic may at times take
unforeseen network paths with unknown or unpredictable security
characteristics. The Mobile IP specification makes no provisions for
securing data traffic. The mechanisms described in this document
allow a mobile node out on a public sector of the internet to
negotiate access past a SKIP firewall, and construct a secure channel
into its home network.

In addition to securing traffic, our mechanisms allow a mobile node
to roam into regions that (1) impose ingress filtering, and (2) use a
different address space.

Table of Contents

1. Introduction ............................................... 2
2. Mobility without a Firewall ................................ 4
3. Restrictions imposed by a Firewall ......................... 4
4. Two Firewall Options: Application relay and IP Security .... 5
4.1 SOCKS version 5 [4] ....................................... 5
4.2 SKIP [3] .................................................. 6
5. Agents and Mobile Node Configurations ...................... 8
6. Supporting Mobile IP: Secure Channel Configurations ........ 9
6.1 I: Encryption only Outside of Private Network ............. 9
6.2 II: End-to-End Encryption ................................. 10
6.3 III: End-to-End Encryption, Intermediate Authentication ... 10
Montenegro & Gupta Informational