
Re: Draft Charter IPSEC WG



Steve (Crocker),

Although I agree that fully specified key management is important, I
don't agree that an IP security protocol would be "unusable" without
it. I can think of some immediate and valuable applications for IP
level security around here even if it only supported manually
installed DES keys for the time being.

For example, when combined with IP encapsulation one only need
implement IP security in a few "security gateways" to provide an
interim "pseudo link level" security feature between trusting
communities of hosts separated by untrusted networks. For example,
consider a multi-site company who wants to replace their dedicated
intersite leased lines with public Internet connections.

Eventually, as more hosts implement the security protocol, and as the
general key management protocols become available, the hosts could
begin to take responsibility for their own security. If someday all
the hosts support the IP security protocol, then the encapsulating
security gateways could be retired.

I think the IP security work factors very nicely into two parallel
tasks: the IP security protocol itself (authentication and encryption
of IP datagrams assuming the existence of a shared key for each host
pair using the protocol), and the protocol mechanisms for establishing
those keys.

I see no reason to delay work on the former until the latter is done.

Phil

