Re: What can applications running over ipsec assume?

[smb@research.att.com]

	 -----BEGIN PGP SIGNED MESSAGE-----

	 content-type: text/plain; charset=us-ascii

	 I've been following the ipsec work for just about a year now, from
	 (among other things) the point of view of being a potential user of
	 these protocols.

	 As best I can tell, the current IPSEC architecture documents make no
	 mention of what services are visible from the point of view of
	 *applications* running on top of transport-layer protocols running
	 over ipsec.

	 Clearly, certain guarantees need to be made in order for IPSEC to
	 provide useful security services to applications.  A number of them
	 seem fairly obvious to me.. but if everyone doesn't agree on what
	 these guarantees are, either interoperability or security or both will
	 suffer.

My own view is that the ipsec layer should pass the security characteristics
of a received packet up to the transport layer.  It, in turn, must
match those characteristics against what the user has requested.  Packets
that don't meet those requirements are dropped.

---

Follow-Ups:

• Re: What can applications running over ipsec assume?
• From: Bob Smart <smart@mel.dit.csiro.au>
• Re: What can applications running over ipsec assume?
• From: Steve Kent <kent@BBN.COM>

---

• Prev by Date: What can applications running over ipsec assume?
• Next by Date: Re: What can applications running over ipsec assume?
• Prev by thread: What can applications running over ipsec assume?
• Next by thread: Re: What can applications running over ipsec assume?
• Index(es):
  • Main
  • Thread