I do not see any reason why the specs should prohibit an intermediate
router from being party to a Security Association between two other
systems (call them S and D) as long as those systems (S and D) choose
to let that router be party to their Security Association. Now key
management (etc) are much harder in such usage, but that is a problem
to be solved by the users desiring such an arrangement. I don't
think that any standards-track key mgmt protocol is required to
solve that intermediate-router keying problem.
The specs CURRENTLY DO NOT PROHIBIT such an arrangement and it might
be desirable in some user communities to operate in that manner.
Yup. This is by intent. At least, it was my intention that this
be permitted in my input on the subject.
Further, I note that the IAB Workshop report from last spring clearly
stated that letting some intermediate routers be party to a Security
Association might be desirable in some cases. (That RFC used different
language but clearly had that meaning).
Again, yes. I was at the workshop, and I pushed this point. My reasoning
is very simple: given the current paucity of tamper-resistant crypto gear
in the civilian market, one can often achieve greater security by
doing the encryption in some ordinary box that's in a secured room.
Besides, many LANs are administered as a single machine that happens
to have a long skinny yellow backplane...