
Re: auditing




--- On Wed, 02 Apr 1997 16:47:55 -0500  Bill Sommerfeld <sommerfeld@apollo.hp.com> wrote:

> >   RADIUS has its own security and does not rely on IPsec, hence there
> > is no circular dependency.  
> 
> Of course, this means that outbound (and inbound) logging traffic
> needs to be treated the same way as key management traffic, bypassing
> any ipsec policy engine which might trigger the creation or use of a
> security association...
> 
> 					- Bill

OR it means that the IPsec Policy Engine knows to bypass RADIUS
traffic around IPsec -- as part of the Policy Engine's knowledge 
of the IPsec policy for that system.

Bypassing might be quite reasonable for RADIUS since RADIUS has its own 
built-in security.  I suspect that there are in fact N applications where 
one doesn't want to apply IPsec on top of some other higher-layer 
security mechanism (SSH, SSL, and PEM provide potential examples of this).

Ran
rja@inet.org
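
The bypass approach discussed in this message, sketched as an added example (not part of the original message or of any IPsec implementation): a first-match policy lookup in which narrowly scoped RADIUS bypass entries precede the catch-all protect entry. The server address, the port numbers, and all names in the code are assumptions made for illustration.

```python
# Added illustration: first-match IPsec policy lookup with a BYPASS rule
# for RADIUS. Names, addresses and ports below are constructed/assumed.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

BYPASS, PROTECT, DISCARD = "bypass", "protect", "discard"


@dataclass(frozen=True)
class Rule:
    dst: str                # destination prefix
    proto: Optional[str]    # "udp", "tcp", or None for any protocol
    dport: Optional[int]    # destination port, or None for any port
    action: str

    def matches(self, dst: str, proto: str, dport: int) -> bool:
        return (ip_address(dst) in ip_network(self.dst)
                and self.proto in (None, proto)
                and self.dport in (None, dport))


def lookup(policy, dst, proto, dport):
    """Return the action of the first matching rule; discard if none match."""
    for rule in policy:
        if rule.matches(dst, proto, dport):
            return rule.action
    return DISCARD


RADIUS_SERVER = "192.0.2.10/32"  # constructed address (documentation range)
RADIUS_PORTS = (1812, 1813)      # assumed: registered auth/accounting ports

# Scope the bypass to one server and the RADIUS ports only, not to all UDP.
bypass_rules = [Rule(RADIUS_SERVER, "udp", p, BYPASS) for p in RADIUS_PORTS]
protect_all = Rule("0.0.0.0/0", None, None, PROTECT)

# Correct order: specific bypass entries before the catch-all protect entry.
POLICY = bypass_rules + [protect_all]

# Misordered: the catch-all shadows the bypass entries, so RADIUS traffic
# would itself trigger a security association (the dependency at issue).
MISORDERED = [protect_all] + bypass_rules

if __name__ == "__main__":
    for name, pol in (("POLICY", POLICY), ("MISORDERED", MISORDERED)):
        print(name, lookup(pol, "192.0.2.10", "udp", 1813))
```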



