On Securely Enabling Intermediary Based Services and Performance Enhancements for Wireless Mobile Users

Intermediary-based services and performance optimization are increasingly being considered, by network service providers, with a view towards offering value-added services and improving the user experience of wireless mobile clients at reduced costs. However, in the presence of an end-to-end security mechanism such as IPsec, it is impossible to offer such services without fully compromising end-to-end security. We propose a new architecture to enable intermediary-based services for wireless mobile users while maintaining an acceptable level of end-to-end security. As a part of our architecture, we present a new IPsec option called Encapsulating Security Variable Payload (ESVP)> We identify several important issues related to the architecture and discuss methods for addressing them.