
Re: What can applications running over ipsec assume?




    > My own view is that the ipsec layer should pass the security characteristics
    > of a received packet up to the transport layer.  It, in turn, must
    > match those characteristics against what the user has requested.  Packets
    > that don't meet those requirements are dropped.
    > 
   This seems sensible. 

I think a generalized form of this would be:

Each layer above ipsec needs to:
	1) provide some form of access control limiting which incoming packets
	   are accepted and passed upwards, based on the identity of the sender
	   and the quality of protection

	2) where appropriate, pass up information about the identity
 	   of the sender and the quality of protection of data
	   passed upwards. (That's worded awkwardly.. anyone got
	   a better phrasing?)

Some applications would want to rely on (1); others would want to rely
on (2).  For instance, an SMTP server would most likely not deny
service to an unauthenticated sender, but might want to log the
identity of the sender if it was known.  You could, of course, use both
(1) and (2) in conjunction (i.e., insist on confidentiality and/or
data origin authentication, but let the application make the final
access control decisions).

   It implies modifications to APIs at 2 layer boundaries.
   I guess if there was work proceeding to define these API changes you would
   have mentioned it...

I haven't seen any public discussion of APIs for this yet and I
suspect that such discussion would be premature until more of this is
nailed down..

					- Bill
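
Added example, not part of the original message: a small Python model of points (1) and (2) above, covering the SMTP case and the combined case. The names SecAttrs, Policy, accept and deliver are hypothetical, as is the choice to withhold a sender identity that was not authenticated; no such API is defined in the thread.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class SecAttrs:
    """Security characteristics ipsec reports for one received packet (hypothetical)."""
    sender: Optional[str]   # identity bound to the packet, None if none was given
    authenticated: bool     # data origin authentication was applied
    confidential: bool      # payload arrived encrypted

@dataclass(frozen=True)
class Policy:
    """What a layer above ipsec requires before accepting a packet (hypothetical)."""
    require_auth: bool = False
    require_conf: bool = False
    allowed_senders: Optional[frozenset] = None   # None means any sender

def accept(policy, attrs):
    """Point (1): access control on sender identity and quality of protection."""
    if policy.require_auth and not attrs.authenticated:
        return False
    if policy.require_conf and not attrs.confidential:
        return False
    if policy.allowed_senders is not None:
        # Assumption: an identity only counts if it was authenticated.
        if not attrs.authenticated or attrs.sender not in policy.allowed_senders:
            return False
    return True

def deliver(policy, attrs, payload):
    """Drop packets that fail (1); otherwise pass data and attributes up, point (2)."""
    if not accept(policy, attrs):
        return None
    # Assumption: an unauthenticated identity is reported upwards as unknown.
    known = attrs.sender if attrs.authenticated else None
    return payload, SecAttrs(known, attrs.authenticated, attrs.confidential)

# Constructed sample policies and packet attributes.
SMTP = Policy()                                        # accepts all, relies on (2)
STRICT = Policy(require_auth=True, require_conf=True)  # (1), then the app uses (2)
ANON = SecAttrs(None, False, False)
ALICE = SecAttrs("alice@example.org", True, True)
SPOOF = SecAttrs("alice@example.org", False, False)    # claimed, not authenticated

if __name__ == "__main__":
    for pol in (SMTP, STRICT):
        for pkt in (ANON, ALICE, SPOOF):
            print(pol, pkt, "->", deliver(pol, pkt, b"MAIL FROM:<x>"))
```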




