
Re: Re[2]: Human I&A, IPsec, and their non-relationship



-----BEGIN PRIVACY-ENHANCED MESSAGE-----
Proc-Type: 4,MIC-CLEAR
Content-Domain: RFC822
MIC-Info: RSA-MD5,RSA,
 CcjMnRnpJZiNm94mqk/HbPmddcp6rOgKIgVTQwQEgtTVn5EzezRh6fU8LEb5LCJh
 dYby+g5iZ12BUYpEHsbxER0=

X-Sensitivity-Label: 1,CMW+3.0/SCO_2.1/sware.com,UNCLASSIFIED
X-Information-Label: 1,CMW+3.0/SCO_2.1/sware.com,UNCLASSIFIED

> "Housley, Russ" says:
> > > So --- are we all in agreement with Ran that IPSEC is *not* trying to
> > > solve the human-computer authentication problem?
> > 
> > I agree.  IPSEC is not trying to solve the human-to-computer
> > identification and authentication problem.
> 
> The fact that we are not trying to solve it, however, does not mean we
> should impede its being solved. I think it is actually a requirement
> that any solution *not* impede authentication systems being built on
> top of our protocols.
> 
> .pm

Perry,

I may finally understand.  Is this an accurate summary:

	The network layer security protocol adopted by IPSEC should provide
	host-to-host security services, including peer-host authentication.

	It may be beneficial to allow multiple security associations between
	a given pair of hosts.  If so, no specific connotation is implied
	for the different associations -- such meaning might be determined by 
	the individual NLSP service consumers, or by a specific implementation
	of the NLSP.

	To provide its services, the NLSP requires the use of a key management 
	service.  As there will be other IETF protocols and services 
	requiring key management, and as it is desirable to minimize the
	number of overlapping protocols, the key management protocol developed
	for use by the NLSP should support (or at least not preclude) use with 
	these other services, such as user authentication.

Charles Watt
SecureWare, Inc.

-----END PRIVACY-ENHANCED MESSAGE-----

