
Re: IP security



The RFCs in question address IP message protection and authentication,
not much more nor less, just as one would wish.  Can there exist an
interface to higher levels that provide authentication at the
granularity of a "user" (whatever such an entity may be)?  It appears
so to several people, and the binding between security association
identifiers and users is central to the feasibility.  The
mechanism of that binding and the interface to it hasn't been defined
in detail yet.  So we have a network level mechanism with the informal
claim that it covers almost all transport level uses, given an
appropriate interface definition.

One important use that the RFCs don't define is a way of providing
message protection at a granularity smaller than one IP message.  If
this is crucial to one's need for security, then another mechanism
will be required.  Multipart secure messages seem like a useful thing
for many applications, of course.  So I think there is a legitimate
argument that is brewing where the application layer security people
clash with the ESP people on which territory is more rightfully theirs.