Re: Last Call: Security Architecture for the Internet Protocol to Proposed Standard
At 10:36 -0500 3/31/98, Stephen Kent wrote:
>Howard,
>
>IPsec provides for host-to-host, host-to-gateway, and gateway-to-gateway
>modes of use.  In the host-to-host case, the granularity of an SA can be as
>fine as a port pair, or as coarse as an IP address pair.  So, many of the
>issues you raised are already addressed by the specs.
>
>Steve

Let me try to rephrase.  Yes, I have read the spec and understand these
modes are present.  I am raising concerns about the applicability of these
modes, since some significant user communities have insisted on
host-to-host, a technique that can complicate administration and make it
extremely difficult to use some infrastructure techniques such as NAT.  The
issue of a trusted NAT has been dismissed by some.  I'd simply like to see
more security analysis alternatives in the document or referenced by it.
Otherwise, I have the sense of several working groups each saying "this is
our protocol/mechanism and it's irrelevant how other mechanisms interact
with it."
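The interaction the message is worried about, as an added illustration that is not part of the original post or of any IPsec implementation: a toy model in Python of a NAT rewriting the source address of (a) an AH transport-mode packet, (b) an ESP transport-mode packet and (c) an ESP tunnel-mode packet, the last standing in for the host-to-gateway and gateway-to-gateway modes mentioned in the quoted reply. HMAC-SHA256 stands in for the AH/ESP integrity algorithm, no encryption is performed, the AH header itself is left out of the ICV computation for brevity, and the addresses, ports and key are all constructed for the demo.

```python
"""Why host-to-host IPsec and NAT interact badly (added illustration).

AH's ICV covers the immutable IP header fields, including the addresses,
so a NAT rewriting the source address invalidates it.  ESP's ICV covers
only the ESP payload, but the TCP checksum inside that payload was computed
over a pseudo-header containing the original address, and the NAT cannot
reach in to fix it.  In tunnel mode the original packet rides inside ESP,
so the NAT only touches the outer header and the inner checksum survives.
"""
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"          # constructed; real SA keys come from IKE
HOST_A = bytes([10, 0, 0, 5])          # constructed: host behind the NAT
HOST_B = bytes([192, 0, 2, 10])        # constructed: peer host on the outside
GATEWAY = bytes([203, 0, 113, 1])      # constructed: security gateway in front of HOST_B
NAT_PUBLIC = bytes([198, 51, 100, 1])  # constructed: the NAT's external address


def checksum16(data: bytes) -> int:
    """RFC 1071 one's-complement checksum used by IPv4 and TCP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src: bytes, dst: bytes, proto: int, payload_len: int, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header with a valid header checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0, src, dst)
    return hdr[:10] + struct.pack("!H", checksum16(hdr)) + hdr[12:]


def tcp_segment(src: bytes, dst: bytes, sport: int, dport: int, data: bytes) -> bytes:
    """TCP header plus data; the checksum covers the pseudo-header (addresses)."""
    hdr = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    seg = hdr + data
    pseudo = src + dst + struct.pack("!BBH", 0, 6, len(seg))
    return seg[:16] + struct.pack("!H", checksum16(pseudo + seg)) + seg[18:]


def tcp_checksum_ok(src: bytes, dst: bytes, seg: bytes) -> bool:
    """Receiver-side check: the sum over pseudo-header and segment must be zero."""
    pseudo = src + dst + struct.pack("!BBH", 0, 6, len(seg))
    return checksum16(pseudo + seg) == 0


def ah_icv(ip_hdr: bytes, payload: bytes) -> bytes:
    """AH-style ICV over the IP header with its mutable fields (TOS, flags and
    fragment offset, TTL, header checksum) zeroed, plus the payload.  The
    addresses are immutable and therefore covered."""
    immutable = (ip_hdr[:1] + b"\x00" + ip_hdr[2:6] + b"\x00\x00" + b"\x00"
                 + ip_hdr[9:10] + b"\x00\x00" + ip_hdr[12:])
    return hmac.new(KEY, immutable + payload, hashlib.sha256).digest()


def esp_icv(esp_payload: bytes) -> bytes:
    """ESP-style ICV: covers the ESP payload only, never the outer IP header."""
    return hmac.new(KEY, esp_payload, hashlib.sha256).digest()


def nat_rewrite_src(ip_hdr: bytes, new_src: bytes) -> bytes:
    """A NAT swaps the source address and recomputes the IP header checksum.
    It cannot modify anything under an IPsec integrity check."""
    hdr = ip_hdr[:10] + b"\x00\x00" + new_src + ip_hdr[16:]
    return hdr[:10] + struct.pack("!H", checksum16(hdr)) + hdr[12:]


def host_to_host_through_nat() -> dict:
    """Run the three scenarios and report which checks still pass at the receiver."""
    seg = tcp_segment(HOST_A, HOST_B, 40000, 443, b"hello")

    # (a) AH transport mode: the ICV covers the source address the NAT rewrote.
    ah_hdr = ipv4_header(HOST_A, HOST_B, 51, len(seg))
    ah_tag = ah_icv(ah_hdr, seg)
    ah_ok = hmac.compare_digest(ah_tag, ah_icv(nat_rewrite_src(ah_hdr, NAT_PUBLIC), seg))

    # (b) ESP transport mode: the ICV survives, but the TCP checksum inside was
    # computed with HOST_A in the pseudo-header and the NAT could not fix it.
    esp_hdr = ipv4_header(HOST_A, HOST_B, 50, len(seg))
    esp_tag = esp_icv(seg)
    natted = nat_rewrite_src(esp_hdr, NAT_PUBLIC)
    esp_ok = hmac.compare_digest(esp_tag, esp_icv(seg))
    esp_tcp_ok = tcp_checksum_ok(natted[12:16], natted[16:20], seg)

    # (c) ESP tunnel mode to a gateway: the whole original packet is the ESP
    # payload; the NAT rewrites only the outer header, the inner one is intact.
    inner = ipv4_header(HOST_A, HOST_B, 6, len(seg)) + seg
    outer = ipv4_header(HOST_A, GATEWAY, 50, len(inner))
    tunnel_tag = esp_icv(inner)
    nat_rewrite_src(outer, NAT_PUBLIC)  # outer header changes; inner does not
    tunnel_ok = hmac.compare_digest(tunnel_tag, esp_icv(inner))
    tunnel_tcp_ok = tcp_checksum_ok(inner[12:16], inner[16:20], seg)

    return {
        "ah_transport_icv_ok": ah_ok,
        "esp_transport_icv_ok": esp_ok,
        "esp_transport_tcp_checksum_ok": esp_tcp_ok,
        "esp_tunnel_icv_ok": tunnel_ok,
        "esp_tunnel_tcp_checksum_ok": tunnel_tcp_ok,
    }


if __name__ == "__main__":
    for name, ok in host_to_host_through_nat().items():
        print(f"{name}: {'pass' if ok else 'FAIL'}")
```

The model shows only the checksum and integrity-check side of the problem; even in tunnel mode a NAT still has to map flows that carry no port numbers (the ESP SPI is not something a plain NAT understands) and IKE has its own address-dependent steps, which is why this was a live argument at the time rather than a solved one.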

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.