
Re: "user" and "network layer" security.



>I am working on my list of items that makes Oakley (and GKMP, did you see
>the drafts just released?) on ISAKMP as the better mechanism for an
>inter-business security.  SKIP, it looks like, can be made to work for the
>intra-business model.  After all it is simple and inter-business is not.

Hmm, your "inter-business" and "intra-business" distinction is a very
insightful one.  My original goal for IPSEC was clearly to solve what
you are calling the "intra-business" security problem, at least for
the kind of business that doesn't have so many internal compartments
that it is really a bunch of completely separate businesses under one
roof. As you say, the other model is a LOT more complicated.

I think the intER-business problem is better left to the application
layer security guys. There certainly are many more of them on the job
now than a few years ago, and some knowledgeable customers do seem to
like what they're doing.

For example, Bank of America and Wells Fargo both support home banking
via secure Netscape. I can't think of any non-governmental entity more
conservative on security than a bank, so it seems they must have
conducted at least *some* level of in-house security
review. Especially since under the current banking laws, the banks
assume most of the risk of a security breach just as they do with
credit cards.

Phil



