
Re: basic question: should we allow firewall-like implementations?



Hello Amir,

>should the standard exclude the implementation on small, router-like
>machines?

I believe that key management needs to be performed where IP-security is
performed. That location is an IP security end point. Yes, there is a real need
for gateways and filtering firewalls. They provide a critical service in today's
Internet environment. They are security end points.


>I believe the reality is that we need a solution which could be implemented
>in a router (or gateway, filtering firewall,...), to protect an entire network
>in one access point. This is one of the benefits of doing an IP-layer solution
>in the first place, and has been frequently mentioned as a req' for IP-SEC.


I believe gateway encryption service is useful for some systems today. I don't
believe it should be the goal architecture for the network. The goal should be
to have the endsystems perform IP security. 

An encryption gateway based architecture burdens the routers with having to
worry about how a message is delivered to a network. Today routers know
about connectivity. Encryption gateways force routers to know about the
topology of the network.  

Hugh

