
Re: Modular approach to key management



Having followed the IPSEC mailing list silently, but with great interest,
for a long time, I'll throw in my vote on the firewall issue:

While Hugh is correct that the most secure solution is to perform the
encryption at the end systems, the practicalities of implementation make
that somewhat difficult to achieve in the short term, with the wide variety
of operating systems running out there in the network.

We already place a great deal of trust in our routers and limit access to a
small group of network managers and use them to filter access into and out
of our networks at Sandia.  That would be one of the most secure places in
our networks to implement IP encryption.

We are more interested in protecting our data from outsiders in the
Internet than from insiders at Sandia, although the latter is also
important.  We would prefer to start with encryption from the firewall out
and migrate it to the hosts as software becomes available for our various
platforms.

- Doug Brown


C. Douglas Brown                        cdbrown@sandia.gov
Sandia National Laboratories            Phone: (505) 845-8699
Albuquerque, New Mexico  87185-0811     FAX:   (505) 844-2067