[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: basic question: should we allow firewall-like implementations?

To: Hugh Harney <hh@columbia.sparta.com>, ipsec@ans.net
Subject: Re: basic question: should we allow firewall-like implementations?
From: " " <amir@watson.ibm.com>
Date: Wed, 23 Nov 1994 10:05:48 -0500
In-Reply-To: Hugh's message of "Wed, 23 Nov 1994 09:51:55 EST." <9411231451.AA08631@columbia.sparta.com>


Hello Russ, Hugh and all,

I do not suggest that everybody should implement key management for
IP, and IP layer security, in routers. However I believe this would be a
practical solution for many scenarios, in conjunction with end to
end solutions.

Of course I understand and respect your viewpoint. However, the question is:
should the standard exclude the implementation on small, router-like machines?

I believe the reality is that we need a solution which could be implemented
in a router (or gateway, filtering firewall,...), to protect an entire network
in one access point. This is one of the benefits of doing an IP-layer solution
in the first place, and has been frequently mentioned as a req' for IP-SEC.

I think this is an important point that the WG should consider. Namely, I
urge all of you IP-Sec-ers to voice your opinion on this and have a
discussion on net and in the IETF. While I believed we have agreement on
this, it appears that even such basic design decisions are not clear yet.

Best, Amir

Follow-Ups:

Re: basic question: should we allow firewall-like implementations?

From: Hugh Harney <hh@columbia.sparta.com>

References:

Re: Modular approach to key management

From: Hugh Harney <hh@columbia.sparta.com>

Prev by Date: Re[2]: basic question: should we allow firewall-like impleme
Next by Date: Re[2]: Modular approach to key management
Prev by thread: Re: Modular approach to key management
Next by thread: Re: basic question: should we allow firewall-like implementations?
Index(es):
- Main
- Thread