
Re: IPSEC and Network Analysis



The conventional dogma among the IPsec community is that this is a bad idea.

However, there ARE people who feel that issues of maintainability and
protocol certification merit some capability to do this.

The IPsec MIB has the potential to support this, although that's not
necessary.

I like to remind people that the dirty truth is, the way people are
building this stuff is that they disengage the crypto one way or another to
debug, and debugging for interoperability is very close to ongoing
maintenance situations.  Another point is, these crypto people are smart,
so they should be able to come up with a safe way to do this.  After all,
we're not asking for a big switch on the side of the box labelled
"DISENGAGE CRYPTO SILENTLY".

At 01:28 PM 6/3/97 -0400, you wrote:
>
>How easy will it be to turn the encryption off when
>necessary for troubleshooting? Will IPSEC render all 
>the management and monitoring tools like RMON probes 
>useless?


                        ---- ----
               Rodney Thayer rodney@sabletech.com
Sable Technology Corporation +1 617 332 7292
           246 Walnut Street +1 617 332 7970 (Fax)
            Newton, MA 02160 


