>Issue #1:
>
> Is it appropriate for IPSEC to break network architecture, given
> the absence of experience implementing security on the proposed
> scale?

IPsec does not break the "Internet Architecture". The use of the term "user" with IPsec security associations is confusing, but not inappropriate for some scenarios. Key management is an application layer activity where the security associations are created and provide authentication to peer application layer entities. The security association is then available to be used by ESP, AH or perhaps other security mechanisms. The authentication provided by applications can be at the granularity of a "user". The use of the resulting authentication process can be enforced at the network layer using ESP or AH.

There is significant experience fielding network layer security by various governments and defense contractors. There is also significant experience by many commercial vendors in the fielding of proprietary implementations of network layer security technologies.

>Issue #2:
>
> Where is it established that network layer mechanisms should be
> used to implement application layer security?

Should? Secure systems can be built from many mechanisms. IPsec provides application layer authentication (key management) that can be used by a network layer security mechanism (ESP and/or AH).

I do agree that there are issues with "user-oriented" versus "network-oriented" security. My issue is with the information bound to a security association. The definition of naming approaches (public key infrastructure etc.) has moved even slower than IPsec :-)

The real issue that needs to be addressed is the naming framework that we are building into our security architecture. One aspect of these names might be "what" they represent.

Paul

--------------------------------------------------------------
-- BEGIN included message
- To: ipsec@tis.com
- Subject: "user" and "network layer" security. reply to respondents.
- From: "Mitchell C. Nelson <nelson@mcn.netsec.com>" <ipsec-request@neptune.hq.tis.com>
- Date: 25 Aug 96 23:09:58
- Sender: ipsec-approval@neptune.hq.tis.com
The term "user" is undefined in the network layer of IP. It has no sensible context in a discussion of *network layer* security mechanisms. Moreover, introducing a parameter to the network layer that corresponds to "user" breaks the network architecture.

These are basic facts of IP architecture. The basic facts of IP architecture are established by agreed upon definition. Important issues are raised by these basic facts. Arguments such as those based on suggested hacks of network codes and operating systems are all specious with respect to the real issues.

Issue #1:

Is it appropriate for IPSEC to break network architecture, given the absence of experience implementing security on the proposed scale?

Issue #2:

Where is it established that network layer mechanisms should be used to implement application layer security?

Regards,
Mitch Nelson
netsec@panix
-- END included message
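The layering Paul describes in his reply (key management authenticates a peer identity at the application layer and installs a security association; ESP or AH then enforces protection per packet at the network layer, which sees only addresses and protocols) can be modeled in a few dozen lines. The Python below is an added illustration, not code from either message or from any IPsec implementation. It assumes the standard IPsec architecture's policy and SA databases (SPD and SAD) in a simplified form; the trust store, identities, addresses, SPIs, SPD rules and key material are all constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import Optional

# Constructed trust store for the toy key manager: identity -> expected credential.
# In a real system this is the certificate/PKI check performed by the key
# management protocol, i.e. the "naming framework" the thread is arguing about.
TRUSTED_PEERS = {
    "alice@example.test": "cred-alice",
    "gateway.example.test": "cred-gw",
}


@dataclass(frozen=True)
class Packet:
    src: IPv4Address
    dst: IPv4Address
    proto: int


@dataclass(frozen=True)
class Selector:
    """Traffic selector: the only information the network layer can match on."""
    src: IPv4Network
    dst: IPv4Network
    proto: Optional[int] = None  # None = any protocol

    def matches(self, pkt: Packet) -> bool:
        return (pkt.src in self.src and pkt.dst in self.dst
                and (self.proto is None or self.proto == pkt.proto))


@dataclass(frozen=True)
class SecurityAssociation:
    spi: int
    mechanism: str            # "ESP" or "AH"
    selector: Selector
    peer_identity: str        # bound at SA creation by key management, not by IP
    key: bytes                # constructed placeholder key material


class KeyManager:
    """Application-layer entity: authenticates the peer, then installs an SA."""

    def __init__(self, sad: list):
        self.sad = sad
        self.next_spi = 0x100  # constructed starting SPI

    def negotiate(self, peer_identity: str, credential: str,
                  selector: Selector, mechanism: str = "ESP"):
        if TRUSTED_PEERS.get(peer_identity) != credential:
            return None  # authentication failed: no SA is created
        sa = SecurityAssociation(self.next_spi, mechanism, selector,
                                 peer_identity, b"k" * 16)
        self.next_spi += 1
        self.sad.append(sa)
        return sa


@dataclass(frozen=True)
class PolicyRule:
    selector: Selector
    action: str  # "protect", "bypass" or "discard"


class NetworkLayer:
    """Per-packet enforcement: consult the SPD, then look for a matching SA."""

    def __init__(self, spd: list, sad: list):
        self.spd = spd
        self.sad = sad

    def outbound(self, pkt: Packet):
        for rule in self.spd:  # first matching rule wins
            if rule.selector.matches(pkt):
                if rule.action != "protect":
                    return (rule.action, None)
                for sa in self.sad:
                    if sa.selector.matches(pkt):
                        return ("protect", sa)
                return ("discard", None)  # protection required, no SA exists
        return ("discard", None)          # default deny


def demo():
    """Constructed scenario: one authenticated peer, one failed negotiation."""
    sad: list = []
    spd = [
        PolicyRule(Selector(ip_network("10.0.0.0/24"), ip_network("10.0.1.0/24")), "protect"),
        PolicyRule(Selector(ip_network("10.0.0.0/24"), ip_network("10.0.0.0/24")), "bypass"),
    ]
    km = KeyManager(sad)
    net = NetworkLayer(spd, sad)
    # Alice's host authenticates; the SA now carries her identity.
    km.negotiate("alice@example.test", "cred-alice",
                 Selector(ip_network("10.0.0.5/32"), ip_network("10.0.1.0/24")))
    # An unknown peer presents a bad credential and gets no SA at all.
    failed = km.negotiate("mallory@example.test", "cred-x",
                          Selector(ip_network("10.0.0.9/32"), ip_network("10.0.1.0/24")))
    return {
        "alice": net.outbound(Packet(ip_address("10.0.0.5"), ip_address("10.0.1.7"), 6)),
        "other": net.outbound(Packet(ip_address("10.0.0.9"), ip_address("10.0.1.7"), 6)),
        "local": net.outbound(Packet(ip_address("10.0.0.5"), ip_address("10.0.0.8"), 6)),
        "failed_negotiation": failed,
    }
```

Running `demo()` shows the division of labour both messages are circling: the packet classifier never sees a "user", only a selector match, yet the decision it makes (protect with Alice's SA, discard the unauthenticated host's traffic, bypass local traffic) is driven by what key management bound to the SA. Which name ends up in `peer_identity`, and what that name is taken to mean, is exactly the naming question Paul raises.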