[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
IPSP Management Specifications was - Re: Managing IPSP
Hi Uri,
The ipsec WG does need to develop a draft recommendation for "management of
IPSP" (aka ah/esp). Your contributions would be greatly helpful if you are
working in this area. Most of the security management problems have been
worked before so you might want to check the NIST and ISO publications for NLSP
(ISO11577). There was a complete CMIP MIB developed for NLSP. Some of this
work could be converted to SNMP (just a rough idea for a starting point).
Note that there could be specific work items for:
1) ah/esp security management (perhaps two specifications)
- access control (allowed network addresses, allowed protocols, etc.)
- audit / alarms
- configuration
- etc.
2) Security for IPSEC Management
it would be nice to decouple security from the security management info
What if IPSEC security management used SNMP over IPSP (aka ah/esp)?...
3) Key Management (we are already working on the real-time exchange
part of this item). There still needs to be additional functionality for
moving keys, managing IKMP, etc. Note that access control mechanisms should
be defined both at the IKMP level and at the netework (ah/esp) level.
At the IKMP level access control could be based on allowed lists of
"identities". A SA would then only be created for an acceptable identity.
Regards,
Paul
_______________________________________________________________________________
Subject: Managing IPSP
Author: uri@watson.ibm.com@INTERNET
Date: 8/21/95 12:41 PM
X-External-Networks: yes
X-Mailer: ELM [version 2.4 PL23]
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 282
Hi,
If you think it's worth to work on providing
"manageability" to IPSP, or would like to
participate in WG that will do it - please
send me e-mail. I'm trying to judge the
amount of interest (and participants :-).
--
Regards,
Uri uri@watson.ibm.com
-----------
<Disclamer>
Follow-Ups: