
No Subject



Message-Id: <2.2.32.19960815155352.00978dc0@pop3hub.is.chrysler.com>
X-Sender: rgm3@pop3hub.is.chrysler.com
X-Mailer: Windows Eudora Pro Version 2.2 (32)
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Thu, 15 Aug 1996 11:53:52 -0400
To: David Wheeler-P26179 <David_Wheeler-P26179@email.mot.com>, ipsec@TIS.COM
From: Robert Moskowitz <rgm3@chrysler.com>
Subject: Re: "Re: DNS? was Re: Key Management, an
Sender: ipsec-approval@neptune.tis.com
Precedence: bulk

At 11:53 AM 8/14/96 -0500, David Wheeler-P26179 wrote:
>
>I have a problem with this as a basis for authentication also.  If I am 
>"dialed-in" through my ISP, and receive a dynamic address, I don't have a DNS 
>entry, hostname, or otherwise.  In fact, the only thing I really have is an e-
>mail address.  The question that really needs to be asked is:
>
>    "What am I authenticating:
>        a person,
>        a machine/host,
>        or a network entrypoint?"
>
>I can make a case for all three given different security policies, and 
>different security perspectives.

I think I have said this a number of times.  The auto industry is starting to
move forward with their inter-partner security requirements.  All of the
above will be used.  Also due to different policies and changing software,
option negotiation will be very important in a key management protocol.
So too will RSVP and multicast support.  Of course PFS will be used.  ITAR
and such might get very interesting.

If I redefine VPN as:

Privacy via a secure network protocol and Membership via secure key
exchange, then the auto industry will have many VPNs working over the same
infrastructure.  Chrysler might have the Catia community and Ford the CP3.
Frank Nylon Bushing might be connecting their 2 plants and 2 remote sales
people.  And PACCAR their engine systems with Cat and Allison-Chalmers.  Etc.

DNSSEC can barely get me started.  Only those sites with dedicated
connections and then really only for tunnels.  The interesting part will
require something more, X.509v3 or DSS perhaps?  We do have our own agency
to handle our registry.


Robert Moskowitz
Chrysler Corporation
(810) 758-8212