
Re: Where does security belong?



	 Conspicuously absent from the discussion is any mention of access
	 control, which would have to be done at the IP level since routers
	 might need to restrict routes based on that information.  It is
	 also interesting that access control is about the only thing the
	 current RIPSO/CIPSO provides.  Is the lack of mention of access
	 control because no one really wants/needs it, or because it is
	 assumed as a given?

In a complex network, RIPSO/CIPSO do no good without encryption or
at least authentication.  If you can't trust parts of the network,
you can't trust them not to insert bogus security options.  If your
topology is restricted enough, you might be ok -- but that's not the
general case.  Part of the specs for things like SP3 include looking
at the security label to pick the appropriate skey, so they do interact.