
Re: IPSP Management Specifications was - Re: Managing IPSP




> First - it's not "managing *via* IPSP - it's managing IPSP *itself*.

  I realize that. 

> Second - I don't think it maps onto firewall world at all.
 
  Maybe I misunderstand the point: I assume that you want to determine
	a. when to encrypt --- by source, dest, service.
	b. when to authenticate --- src,dst,service
	c. when to accept without ESP, by src,dst,service
	d. when to accept without AH, by src,dst,service
 
  If you can do all of those things, you can have a security gateway.

> IPSEC for SNMP auth is wrong,  since SNMP  is designed  to go over many
> more transports, than IP (or IPSEC). Using SNMP for IPSEC configuration
> seems perfectly good idea to me.

  I agree about SNMP over IPSEC being wrong. Maybe in a couple of weeks
the SNMPv2 proposals will settle down again with a clear security contender.
   --- you have to use authenticated SNMP for IPSEC configuration.



   :!mcr!:            |     Milkyway Networks Corporation <http://www.milkyway.com/>
   Michael Richardson |   Makers of the Black Hole firewall 
 NCF: aa714 || xx714  | +1 613 566-4574 ... mcr@milkyway.com
 Home: mcr@sandelman.ocunix.on.ca <http://www.sandelman.ocunix.on.ca/People/Michael_Richardson/Bio.html>. PGP key available.
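
The four decisions listed in the message (a to d), keyed on source, destination and service, written out as a small policy table. This is an added example, not part of the original message; the rule layout, first-match ordering, fail-closed default and the sample addresses are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    src: str             # source network (CIDR)
    dst: str             # destination network (CIDR)
    service: str         # "proto/port", or "*" for any service
    encrypt: bool        # (a) apply ESP on the way out
    authenticate: bool   # (b) apply AH on the way out
    accept_no_esp: bool  # (c) accept inbound without ESP
    accept_no_ah: bool   # (d) accept inbound without AH

    def matches(self, src, dst, service):
        return (ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst)
                and self.service in ("*", service))

# Constructed sample policy (documentation address ranges); first match wins.
POLICY = [
    Rule("192.0.2.0/24", "198.51.100.0/24", "tcp/23", True, True, False, False),
    Rule("192.0.2.0/24", "198.51.100.0/24", "*", False, True, True, False),
    Rule("0.0.0.0/0", "198.51.100.25/32", "tcp/25", False, False, True, True),
]
# Assumed default when nothing matches: protect everything, accept nothing bare.
DEFAULT = Rule("0.0.0.0/0", "0.0.0.0/0", "*", True, True, False, False)

def lookup(src, dst, service):
    """Return the first rule matching the (src, dst, service) selector."""
    return next((r for r in POLICY if r.matches(src, dst, service)), DEFAULT)

def outbound_transforms(src, dst, service):
    """Decisions (a) and (b): which headers to apply to an outgoing packet."""
    r = lookup(src, dst, service)
    return [name for name, on in (("ESP", r.encrypt), ("AH", r.authenticate)) if on]

def inbound_accept(src, dst, service, has_esp, has_ah):
    """Decisions (c) and (d): accept only if each missing header is waived."""
    r = lookup(src, dst, service)
    return (has_esp or r.accept_no_esp) and (has_ah or r.accept_no_ah)
```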