[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPSEC requirements

To: Mark H Linehan/Watson/IBM Research <linehan@watson.ibm.com>
Subject: Re: IPSEC requirements
From: Steve Kent <kent@BBN.COM>
Date: Wed, 31 Aug 94 15:06:08 -0400
Cc: ipsec <ipsec@ans.net>
In-Reply-To: Your message of 31 Aug 94 11:52:38 +0600. <9408311858.AA0908@watlny03.watson.ibm.com>

Mark,

	Although one can provide confidentiality at the application
layer, there are many good reasons for providing it at the network
layer, not just its lack of availability in current applications,
which motivate development of IPSP.  Similar arguments apply for
integrity.  Autehntication may be a various levels of granularity, not
just IP addresses, and is needed not just for firewalls, but
implicitly for applications/users who want to know with whom they are
communicating.  One might provide authentication at the granularity of
individual IP addresses, subnets, protocol type, TCP port pairs (ouch,
layer violation!), etc.

Steve

References:

IPSEC requirements

From: Mark H Linehan/Watson/IBM Research<linehan@watson.ibm.com>

Prev by Date: Re: (Fwd) Authentication and encryption.
Next by Date: Re: IVs, summary of discussion
Prev by thread: IPSEC requirements
Next by thread: IPSEC requirements
Index(es):
- Main
- Thread