[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: >IPSEC Charter - New Dra

To: pmetzger@lehman.com
Subject: Re: >IPSEC Charter - New Dra
From: Steve Kent <kent@BBN.COM>
Date: Mon, 07 Feb 94 10:12:30 -0500
Cc: ipsec@ans.net
In-Reply-To: Your message of Fri, 04 Feb 94 11:14:28 -0500. <199402041614.LAA17988@snark>

Perry,

	One could do nothing more than make use of the services
offered by a security protocol for end-to-end protection at layer 3,
but this would ignore many of the potential security problems that
arise in some mobile IP scenarios.  For example, unless a host can
authenticate its right to use an invariant IP address (not one
assigned by the network currently providing the access service), then
there are obvious denial of service vulnerabilities.  There is also an
option to tie such authenticated assertions into a billing scheme.
Similarly, to avoid networks from claiming to be serving a given
address for a mobile user, when he is actually elsewhere, one can use
the basic assertion provided by the host to "convince" other networks
that the service provider in question is currently authorized by the
host to act as its portal into the Internet.  This could be viewed as
just a special case of a more general problem that, today, we address
through the use of static routes.

Steve

References:

Re: >IPSEC Charter - New Dra

From: "Perry E. Metzger" <pmetzger@lehman.com>

Prev by Date: IPSEC KM Requirements
Next by Date: Re: IPsec near term work
Prev by thread: Re: >IPSEC Charter - New Dra
Next by thread: Re: >IPSEC Charter - New Dra
Index(es):
- Main
- Thread